From b2c4c6ff83256f374af6bb29731917c2e76b1430 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Thu, 9 Aug 2018 16:34:27 +0200 Subject: [PATCH 01/78] setools-4.2.0-0.1.beta - New upstream release -- Replaced the Python/SWIG/static-linked-libsepol policyrep module with a Cython implementation. This will have performance and memory-usage improvements and breaks the static linking to libsepol. -- Significant memory usage reduction in sediff (approximately 60%, depending on the policies). -- Added support for SCTP portcons -- Updated permission maps -- Support for Python 2.7 was dropped - Drop python2 subpackage (4.2.0 no longer supports python2) --- 0001-Do-not-use-Werror-during-build.patch | 40 +++--------- ...e-setools.InfoFlowAnalysis-and-setoo.patch | 63 +++++++++---------- setools.spec | 61 ++++-------------- sources | 1 + 4 files changed, 53 insertions(+), 112 deletions(-) diff --git a/0001-Do-not-use-Werror-during-build.patch b/0001-Do-not-use-Werror-during-build.patch index ff4523c..f6430fe 100644 --- a/0001-Do-not-use-Werror-during-build.patch +++ b/0001-Do-not-use-Werror-during-build.patch @@ -1,49 +1,27 @@ -From 617c3ae83c1c72ead627a57e1529724c62df807f Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 23 Feb 2017 08:17:07 +0100 +From 42e691b12c03aac388e39071f4b8d76cbc40e5c5 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 29 Jun 2018 10:34:14 +0200 Subject: [PATCH 1/2] Do not use -Werror during build -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit There are new warnings when setools are built with gcc 7 therefore we want to suppress -Werror for now - -Fixes: -libqpol/policy_extend.c: In function ‘policy_extend’: -libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~ -libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~~~~~~~ -In file included from /usr/include/stdio.h:939:0, - from /usr/include/sepol/policydb/policydb.h:53, - from libqpol/policy_extend.c:29: -/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9 - return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - __bos (__s), __fmt, __va_arg_pack ()); - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -error: command 'gcc' failed with exit status 1 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py -index 2ca44c9..9319bf6 100644 +index aa4f14b..e4da575 100644 --- a/setup.py +++ b/setup.py -@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol', - 'libqpol/policy_scan.c', - 'libqpol/xen_query.c'], - include_dirs=include_dirs, +@@ -62,7 +62,7 @@ ext_py_mods = [Extension('setools.policyrep.libpolicyrep', ['setools/policyrep/l + library_dirs=lib_dirs, + runtime_library_dirs=lib_dirs, + define_macros=macros, - extra_compile_args=['-Werror', '-Wextra', + extra_compile_args=['-Wextra', '-Waggregate-return', '-Wfloat-equal', '-Wformat', '-Wformat=2', -- -2.9.3 +2.14.3 diff --git a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index a5d982a..c1479e6 100644 --- a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,6 +1,6 @@ -From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 23 Feb 2017 08:17:07 +0100 +From 39a28c23990f667ef1dc50c3fe6d0ca79a7e793d Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 29 Jun 2018 10:31:18 +0200 Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis @@ -12,28 +12,29 @@ Therefore it's better to use setools.infoflow.InfoFlowAnalysis and setools.dta.DomainTransitionAnalysis and let the package containing sedta and seinfoflow to require python3-networkx --- - sedta | 3 ++- + sedta | 4 ++-- seinfoflow | 3 ++- setools/__init__.py | 4 ++-- setoolsgui/apol/dta.py | 2 +- setoolsgui/apol/infoflow.py | 2 +- - tests/dta.py | 3 ++- - tests/infoflow.py | 3 ++- - 7 files changed, 12 insertions(+), 8 deletions(-) + tests/dta.py | 2 +- + tests/infoflow.py | 2 +- + 7 files changed, 10 insertions(+), 9 deletions(-) diff --git a/sedta b/sedta -index 1c76ebb..255ad49 100755 +index 84820b0..8c380ab 100755 --- a/sedta +++ b/sedta -@@ -23,6 +23,7 @@ import argparse +@@ -21,7 +21,7 @@ import sys + import argparse import logging - import setools +-import setools +import setools.dta def print_transition(trans): -@@ -111,7 +112,7 @@ else: +@@ -110,7 +110,7 @@ else: try: p = setools.SELinuxPolicy(args.policy) @@ -43,18 +44,18 @@ index 1c76ebb..255ad49 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/seinfoflow b/seinfoflow -index b287921..d53bdef 100755 +index 3ec05ca..89764fe 100755 --- a/seinfoflow +++ b/seinfoflow -@@ -19,6 +19,7 @@ +@@ -18,6 +18,7 @@ + # - from __future__ import print_function import setools +import setools.infoflow import argparse import sys import logging -@@ -79,7 +80,7 @@ else: +@@ -78,7 +79,7 @@ else: try: p = setools.SELinuxPolicy(args.policy) m = setools.PermissionMap(args.map) @@ -64,7 +65,7 @@ index b287921..d53bdef 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/setools/__init__.py b/setools/__init__.py -index a84c846..a53c5a7 100644 +index a84c846..cbb2a00 100644 --- a/setools/__init__.py +++ b/setools/__init__.py @@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery @@ -72,12 +73,12 @@ index a84c846..a53c5a7 100644 # Information Flow Analysis -from .infoflow import InfoFlowAnalysis -+# from .infoflow import InfoFlowAnalysis ++#from .infoflow import InfoFlowAnalysis from .permmap import PermissionMap # Domain Transition Analysis -from .dta import DomainTransitionAnalysis -+# from .dta import DomainTransitionAnalysis ++#from .dta import DomainTransitionAnalysis # Policy difference from .diff import PolicyDifference @@ -95,10 +96,10 @@ index 0aaf13f..5b1ea20 100644 from ..logtosignal import LogHandlerToSignal from .analysistab import AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 1ae16de..fdf8f7b 100644 +index b272a99..7b05945 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py -@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread +@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ QTreeWidgetItem @@ -108,33 +109,31 @@ index 1ae16de..fdf8f7b 100644 from ..logtosignal import LogHandlerToSignal diff --git a/tests/dta.py b/tests/dta.py -index 32b9271..2bdd052 100644 +index be04ae4..de4f337 100644 --- a/tests/dta.py +++ b/tests/dta.py -@@ -17,7 +17,8 @@ - # +@@ -18,7 +18,7 @@ + import os import unittest --from setools import SELinuxPolicy, DomainTransitionAnalysis -+from setools import SELinuxPolicy +-from setools import DomainTransitionAnalysis +from setools.dta import DomainTransitionAnalysis from setools import TERuletype as TERT from setools.policyrep.exception import InvalidType - from setools.policyrep.typeattr import Type + from setools.policyrep.libpolicyrep import Type diff --git a/tests/infoflow.py b/tests/infoflow.py -index 7751dda..a21c683 100644 +index 87bb1b0..dc1e7b9 100644 --- a/tests/infoflow.py +++ b/tests/infoflow.py -@@ -17,7 +17,8 @@ - # +@@ -18,7 +18,7 @@ + import os import unittest --from setools import SELinuxPolicy, InfoFlowAnalysis -+from setools import SELinuxPolicy +-from setools import InfoFlowAnalysis +from setools.infoflow import InfoFlowAnalysis from setools import TERuletype as TERT from setools.permmap import PermissionMap from setools.policyrep.exception import InvalidType -- -2.9.3 +2.14.3 diff --git a/setools.spec b/setools.spec index 4e27b70..26c6646 100644 --- a/setools.spec +++ b/setools.spec @@ -1,28 +1,21 @@ -# sitelib for noarch packages, sitearch for others (remove the unneeded one) -%{!?__python2: %global __python2 %__python} -%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} -%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} - -# % global setools_pre_ver beta.1.8e09d95 +%global setools_pre_ver beta # % global gitver f1e5b20 %global sepol_ver 2.7-1 %global selinux_ver 2.7-1 Name: setools -Version: 4.1.1 -Release: 11%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Version: 4.2.0 +Release: 0.1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 -URL: https://github.com/TresysTechnology/setools/wiki -Source0: https://github.com/TresysTechnology/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz +URL: https://github.com/SELinuxProject/setools/wiki +Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz Source1: setools.pam Source2: apol.desktop Patch1: 0001-Do-not-use-Werror-during-build.patch Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch -Patch3: 0003-bswap_-macros-are-defined-in-byteswap.h.patch -Patch4: 0004-Add-support-for-SCTP-protocol.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -30,10 +23,10 @@ BuildRequires: glibc-devel, gcc, git BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} BuildRequires: qt5-qtbase-devel BuildRequires: swig -BuildRequires: python2-devel -BuildRequires: python2-setuptools +BuildRequires: python3-Cython BuildRequires: python3-devel BuildRequires: python3-setuptools +BuildRequires: libselinux-devel # BuildArch: Requires: python3-%{name} = %{version}-%{release} @@ -76,25 +69,10 @@ This package includes the following console tools: seinfoflow Perform information flow analyses. -%package -n python2-setools -Summary: Policy analysis tools for SELinux -Recommends: python2-libselinux -%{?python_provide:%python_provide python2-setools} -# Remove before F30 -Provides: %{name}-python = %{version}-%{release} -Provides: %{name}-python%{?_isa} = %{version}-%{release} -Obsoletes: %{name}-python < %{version}-%{release} -Requires: python2-enum34 - -%description -n python2-setools -SETools is a collection of graphical tools, command-line tools, and -Python 2 modules designed to facilitate SELinux policy analysis. - %package -n python3-setools Summary: Policy analysis tools for SELinux Obsoletes: setools-libs < 4.0.0 Recommends: libselinux-python3 -%{?python_provide:%python_provide python2-setools} # Remove before F30 Provides: %{name}-python3 = %{version}-%{release} Provides: %{name}-python3%{?_isa} = %{version}-%{release} @@ -116,37 +94,22 @@ Python modules designed to facilitate SELinux policy analysis. %prep -%autosetup -p 1 -S git - -cp -a ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 +%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} %build # Remove CFLAGS=... for noarch packages (unneeded) CFLAGS="%{optflags}" %{__python3} setup.py build -pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 -# Remove CFLAGS=... for noarch packages (unneeded) -CFLAGS="%{optflags}" %{__python2} setup.py build -popd - %install rm -rf %{buildroot} -pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 -%{__python2} setup.py install --root %{buildroot} -popd - rm -rf %{buildroot}%{_bindir} %{__python3} setup.py install --root %{buildroot} %check %if %{?_with_check:1}%{!?_with_check:0} %{__python3} setup.py test - -pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 -%{__python2} setup.py test -popd %endif @@ -166,10 +129,6 @@ popd %{_mandir}/man1/sedta* %{_mandir}/man1/seinfoflow* -%files -n python2-setools -%license COPYING COPYING.GPL COPYING.LGPL -%{python2_sitearch}/* - %files -n python3-setools %license COPYING COPYING.GPL COPYING.LGPL %{python3_sitearch}/setools @@ -181,6 +140,10 @@ popd %{_mandir}/man1/apol* %changelog +* Thu Aug 09 2018 Vit Mojzis - 4.2.0-0.1.beta +- New upstream release +- Drop python2 subpackage (4.2.0 no longer supports python2) + * Sat Jul 14 2018 Fedora Release Engineering - 4.1.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild diff --git a/sources b/sources index 7fde505..3e706c1 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ SHA512 (4.1.1.tar.gz) = 2e55a3b07e2f94d7c84054f31d266567b9acc708fe2b0e16ac3ea24e8301c712bcf564ff915a6135a1a6ba6822682bb3a6530dae20161a832fb7048364acbd04 +SHA512 (4.2.0-beta.tar.gz) = 97d27d16d0aa0c6346e42eb0948114c52e1d25f29a33827c3f4663311e134bd4195eb54b38e4b5fe99b3f6a28a7aa2c90043ebab16c1e0407f4663133cc815b8 From 56ba58467229b4a89b0af5ccbbdd2c1769161e3d Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 22 Aug 2018 18:01:19 +0200 Subject: [PATCH 02/78] Fix SCTP patch Fixes: Failed to load default permission map: /usr/lib64/python3.6/site-packages/setools/perm_map:391:Invalid class declaration: ['sendto', 'w', '10'] https://github.com/SELinuxProject/setools/issues/9 --- 0004-Add-support-for-SCTP-protocol.patch | 41 ++++++++++++++++++++---- 1 file changed, 34 insertions(+), 7 deletions(-) diff --git a/0004-Add-support-for-SCTP-protocol.patch b/0004-Add-support-for-SCTP-protocol.patch index 4223a46..f22a538 100644 --- a/0004-Add-support-for-SCTP-protocol.patch +++ b/0004-Add-support-for-SCTP-protocol.patch @@ -9,9 +9,9 @@ Signed-off-by: Vit Mojzis --- libqpol/include/qpol/linux_types.h | 1 + libqpol/policy_define.c | 5 +++++ - setools/perm_map | 30 ++++++++++++++++++++++++++++++ + setools/perm_map | 36 +++++++++++++++++++++++++++--- setools/policyrep/netcontext.py | 5 +++++ - 4 files changed, 41 insertions(+) + 4 files changed, 44 insertions(+), 3 deletions(-) diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h index c3c056b..0985162 100644 @@ -49,9 +49,27 @@ index dcc69fc..1e623a3 100644 yyerror2("unrecognized protocol %s", id); goto bad; diff --git a/setools/perm_map b/setools/perm_map -index 0a9f91c..25fae09 100644 +index 0a9f91c..8bd34f5 100644 --- a/setools/perm_map +++ b/setools/perm_map +@@ -27,7 +27,7 @@ + # Look to the examples below for further clarification. + # + # Number of object classes. +-95 ++96 + + class netlink_audit_socket 27 + nlmsg_relay w 10 +@@ -376,7 +376,7 @@ class file 22 + quotaon b 1 + swapon b 1 + +-class node 11 ++class node 13 + rawip_recv r 10 + tcp_recv r 10 + udp_recv r 10 @@ -385,6 +385,8 @@ class node 11 udp_send w 10 dccp_recv r 10 @@ -94,6 +112,15 @@ index 0a9f91c..25fae09 100644 class netlink_firewall_socket 24 nlmsg_write w 10 nlmsg_read r 10 +@@ -973,7 +1001,7 @@ class key_socket 22 + relabelto w 10 + listen r 1 + +-class netif 10 ++class netif 12 + rawip_recv r 10 + tcp_recv r 10 + udp_recv r 10 @@ -984,6 +1012,8 @@ class netif 10 udp_send w 10 dccp_recv r 10 @@ -104,10 +131,10 @@ index 0a9f91c..25fae09 100644 class packet_socket 22 append w 10 diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py -index c7076d2..2d890f3 100644 +index 9a01fc5..630b42c 100644 --- a/setools/policyrep/netcontext.py +++ b/setools/policyrep/netcontext.py -@@ -38,6 +38,10 @@ try: +@@ -35,6 +35,10 @@ try: IPPROTO_DCCP = getprotobyname("dccp") except socket.error: IPPROTO_DCCP = 33 @@ -118,7 +145,7 @@ index c7076d2..2d890f3 100644 def netifcon_factory(policy, name): -@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum): +@@ -161,6 +165,7 @@ class PortconProtocol(int, PolicyEnum): tcp = IPPROTO_TCP udp = IPPROTO_UDP dccp = IPPROTO_DCCP @@ -127,5 +154,5 @@ index c7076d2..2d890f3 100644 class Portcon(NetContext): -- -2.14.3 +2.18.0 From b2615bd52cf918148390d3ee13d1cfc02908c8f8 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 22 Aug 2018 18:08:05 +0200 Subject: [PATCH 03/78] setools-4.1.1-12 - Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9 - Update URL to SELinuxProject/setools - Require userspace release 2.8 --- setools.spec | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/setools.spec b/setools.spec index 4e27b70..876a7d6 100644 --- a/setools.spec +++ b/setools.spec @@ -6,17 +6,17 @@ # % global setools_pre_ver beta.1.8e09d95 # % global gitver f1e5b20 -%global sepol_ver 2.7-1 -%global selinux_ver 2.7-1 +%global sepol_ver 2.8-1 +%global selinux_ver 2.8-1 Name: setools Version: 4.1.1 -Release: 11%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 12%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 -URL: https://github.com/TresysTechnology/setools/wiki -Source0: https://github.com/TresysTechnology/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz +URL: https://github.com/SELinuxProject/setools/wiki +Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz Source1: setools.pam Source2: apol.desktop Patch1: 0001-Do-not-use-Werror-during-build.patch @@ -181,6 +181,9 @@ popd %{_mandir}/man1/apol* %changelog +* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12 +- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9 + * Sat Jul 14 2018 Fedora Release Engineering - 4.1.1-11 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild From fd63d73041c48649617984e5156b117acd4d1663 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 23 Aug 2018 11:16:34 +0200 Subject: [PATCH 04/78] setools-gui requires python3-setools --- setools.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/setools.spec b/setools.spec index 876a7d6..69d9a4e 100644 --- a/setools.spec +++ b/setools.spec @@ -107,6 +107,7 @@ Python 3 modules designed to facilitate SELinux policy analysis. %package gui Summary: Policy analysis graphical tools for SELinux +Requires: python3-setools = %{version}-%{release} Requires: python3-qt5 Requires: python3-networkx From 618f976e7b8c89570bf71ec232168dbb19335baf Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 23 Aug 2018 12:20:26 +0200 Subject: [PATCH 05/78] Rebuild --- setools.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setools.spec b/setools.spec index 69d9a4e..9f0f20c 100644 --- a/setools.spec +++ b/setools.spec @@ -11,7 +11,7 @@ Name: setools Version: 4.1.1 -Release: 12%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 12.1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -182,7 +182,7 @@ popd %{_mandir}/man1/apol* %changelog -* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12 +* Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12.1 - Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9 * Sat Jul 14 2018 Fedora Release Engineering - 4.1.1-11 From ec182abe694b7c2aa1785a23bc185fc626b7b896 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Wed, 29 Aug 2018 12:56:24 +0200 Subject: [PATCH 06/78] setools-4.1.1-13 - Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) --- setools.spec | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 9f0f20c..a45b1c8 100644 --- a/setools.spec +++ b/setools.spec @@ -11,7 +11,7 @@ Name: setools Version: 4.1.1 -Release: 12.1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 13%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -85,6 +85,7 @@ Provides: %{name}-python = %{version}-%{release} Provides: %{name}-python%{?_isa} = %{version}-%{release} Obsoletes: %{name}-python < %{version}-%{release} Requires: python2-enum34 +Requires: python2-setuptools %description -n python2-setools SETools is a collection of graphical tools, command-line tools, and @@ -99,6 +100,7 @@ Recommends: libselinux-python3 Provides: %{name}-python3 = %{version}-%{release} Provides: %{name}-python3%{?_isa} = %{version}-%{release} Obsoletes: %{name}-python3 < %{version}-%{release} +Requires: python3-setuptools %description -n python3-setools SETools is a collection of graphical tools, command-line tools, and @@ -182,6 +184,10 @@ popd %{_mandir}/man1/apol* %changelog +* Wed Aug 29 2018 Vit Mojzis - 4.1.1-13 +- Add Requires for python[23]-setuptools - no longer required (just recommended) + by python[23] (#1623371) + * Wed Aug 22 2018 Petr Lautrbach - 4.1.1-12.1 - Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9 From bb7caed6f5a4d6dd57562dc7b908e53239e6bdca Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Wed, 19 Sep 2018 10:39:26 +0200 Subject: [PATCH 07/78] setools-4.2.0-0.2.beta - Require userspace release 2.8 - setools-gui requires python3-setools - Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) --- setools.spec | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/setools.spec b/setools.spec index 26c6646..e2746c4 100644 --- a/setools.spec +++ b/setools.spec @@ -1,12 +1,12 @@ %global setools_pre_ver beta # % global gitver f1e5b20 -%global sepol_ver 2.7-1 -%global selinux_ver 2.7-1 +%global sepol_ver 2.8-1 +%global selinux_ver 2.8-1 Name: setools Version: 4.2.0 -Release: 0.1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 0.2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -77,6 +77,7 @@ Recommends: libselinux-python3 Provides: %{name}-python3 = %{version}-%{release} Provides: %{name}-python3%{?_isa} = %{version}-%{release} Obsoletes: %{name}-python3 < %{version}-%{release} +Requires: python3-setuptools %description -n python3-setools SETools is a collection of graphical tools, command-line tools, and @@ -85,6 +86,7 @@ Python 3 modules designed to facilitate SELinux policy analysis. %package gui Summary: Policy analysis graphical tools for SELinux +Requires: python3-setools = %{version}-%{release} Requires: python3-qt5 Requires: python3-networkx @@ -140,6 +142,11 @@ rm -rf %{buildroot}%{_bindir} %{_mandir}/man1/apol* %changelog +* Wed Sep 19 2018 Vit Mojzis - 4.2.0-0.2.beta +- Require userspace release 2.8 +- setools-gui requires python3-setools +- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) + * Thu Aug 09 2018 Vit Mojzis - 4.2.0-0.1.beta - New upstream release - Drop python2 subpackage (4.2.0 no longer supports python2) From 56e46874bdb5490387ba9b173314d0f2389bc46d Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Tue, 25 Sep 2018 18:12:41 +0200 Subject: [PATCH 08/78] Remove old tar from sources --- .gitignore | 1 + sources | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitignore b/.gitignore index 255e868..fa4c2bc 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ setools-3.3.8.tar.bz2 setools-3.3.8-f1e5b20.tar.bz2 /4.1.0.tar.gz /4.1.1.tar.gz +/4.2.0-beta.tar.gz diff --git a/sources b/sources index 3e706c1..e4abbd6 100644 --- a/sources +++ b/sources @@ -1,2 +1 @@ -SHA512 (4.1.1.tar.gz) = 2e55a3b07e2f94d7c84054f31d266567b9acc708fe2b0e16ac3ea24e8301c712bcf564ff915a6135a1a6ba6822682bb3a6530dae20161a832fb7048364acbd04 SHA512 (4.2.0-beta.tar.gz) = 97d27d16d0aa0c6346e42eb0948114c52e1d25f29a33827c3f4663311e134bd4195eb54b38e4b5fe99b3f6a28a7aa2c90043ebab16c1e0407f4663133cc815b8 From c6b3f2cce158d1c4f96adb598c5e8481a4f84d89 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Mon, 1 Oct 2018 12:11:16 +0200 Subject: [PATCH 09/78] setools-4.2.0-0.3.rc - Changes since v4.2.0-beta: -- Fixed performance regressions -- Made further memory usage improvements -- Fixed build issues with clean target and runtime_library_dirs -- Revised package structure to make policyrep a module of the setools package -- Symbol names are now available as the name attribute (e.g. Boolean.name, Type.name, etc.) -- Fixed some apol layouts to increase the size of text fields -- Move constraint expression to its own class -- Made Conditional.evaluate() more useful and added BaseTERule.enabled() method to determine if a rule is enabled - Rebase patches --- .gitignore | 1 + 0001-Do-not-use-Werror-during-build.patch | 12 ++--- ...e-setools.InfoFlowAnalysis-and-setoo.patch | 49 ++++++++++--------- setools.spec | 7 ++- sources | 2 +- 5 files changed, 38 insertions(+), 33 deletions(-) diff --git a/.gitignore b/.gitignore index fa4c2bc..cdc5f37 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.1.0.tar.gz /4.1.1.tar.gz /4.2.0-beta.tar.gz +/4.2.0-rc.tar.gz diff --git a/0001-Do-not-use-Werror-during-build.patch b/0001-Do-not-use-Werror-during-build.patch index f6430fe..9864f5f 100644 --- a/0001-Do-not-use-Werror-during-build.patch +++ b/0001-Do-not-use-Werror-during-build.patch @@ -1,6 +1,6 @@ -From 42e691b12c03aac388e39071f4b8d76cbc40e5c5 Mon Sep 17 00:00:00 2001 +From 8ef1a20824c2055cc16b66b56018a95e30b9a73c Mon Sep 17 00:00:00 2001 From: Vit Mojzis -Date: Fri, 29 Jun 2018 10:34:14 +0200 +Date: Mon, 1 Oct 2018 15:50:09 +0200 Subject: [PATCH 1/2] Do not use -Werror during build There are new warnings when setools are built with gcc 7 therefore we @@ -10,12 +10,12 @@ want to suppress -Werror for now 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py -index aa4f14b..e4da575 100644 +index 0530d59..027d315 100644 --- a/setup.py +++ b/setup.py -@@ -62,7 +62,7 @@ ext_py_mods = [Extension('setools.policyrep.libpolicyrep', ['setools/policyrep/l +@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], + libraries=['selinux', 'sepol'], library_dirs=lib_dirs, - runtime_library_dirs=lib_dirs, define_macros=macros, - extra_compile_args=['-Werror', '-Wextra', + extra_compile_args=['-Wextra', @@ -23,5 +23,5 @@ index aa4f14b..e4da575 100644 '-Wfloat-equal', '-Wformat', '-Wformat=2', -- -2.14.3 +2.17.1 diff --git a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index c1479e6..364ce4d 100644 --- a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,6 +1,6 @@ -From 39a28c23990f667ef1dc50c3fe6d0ca79a7e793d Mon Sep 17 00:00:00 2001 +From 7a38c92583b5b6d6b14b43ba9b8c56d4e04b0b82 Mon Sep 17 00:00:00 2001 From: Vit Mojzis -Date: Fri, 29 Jun 2018 10:31:18 +0200 +Date: Mon, 1 Oct 2018 17:16:28 +0200 Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis @@ -13,16 +13,16 @@ setools.dta.DomainTransitionAnalysis and let the package containing sedta and seinfoflow to require python3-networkx --- sedta | 4 ++-- - seinfoflow | 3 ++- + seinfoflow | 4 ++-- setools/__init__.py | 4 ++-- setoolsgui/apol/dta.py | 2 +- setoolsgui/apol/infoflow.py | 2 +- tests/dta.py | 2 +- tests/infoflow.py | 2 +- - 7 files changed, 10 insertions(+), 9 deletions(-) + 7 files changed, 10 insertions(+), 10 deletions(-) diff --git a/sedta b/sedta -index 84820b0..8c380ab 100755 +index 10cf43a..b75b4e1 100755 --- a/sedta +++ b/sedta @@ -21,7 +21,7 @@ import sys @@ -34,7 +34,7 @@ index 84820b0..8c380ab 100755 def print_transition(trans): -@@ -110,7 +110,7 @@ else: +@@ -111,7 +111,7 @@ else: try: p = setools.SELinuxPolicy(args.policy) @@ -44,18 +44,19 @@ index 84820b0..8c380ab 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/seinfoflow b/seinfoflow -index 3ec05ca..89764fe 100755 +index 3ec05ca..32a9a3e 100755 --- a/seinfoflow +++ b/seinfoflow -@@ -18,6 +18,7 @@ +@@ -17,7 +17,7 @@ + # along with SETools. If not, see . # - import setools +-import setools +import setools.infoflow import argparse import sys import logging -@@ -78,7 +79,7 @@ else: +@@ -78,7 +78,7 @@ else: try: p = setools.SELinuxPolicy(args.policy) m = setools.PermissionMap(args.map) @@ -65,51 +66,51 @@ index 3ec05ca..89764fe 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/setools/__init__.py b/setools/__init__.py -index a84c846..cbb2a00 100644 +index 7b70f5e..020be31 100644 --- a/setools/__init__.py +++ b/setools/__init__.py -@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery +@@ -73,11 +73,11 @@ from .pcideviceconquery import PcideviceconQuery from .devicetreeconquery import DevicetreeconQuery # Information Flow Analysis -from .infoflow import InfoFlowAnalysis -+#from .infoflow import InfoFlowAnalysis ++# from .infoflow import InfoFlowAnalysis from .permmap import PermissionMap # Domain Transition Analysis -from .dta import DomainTransitionAnalysis -+#from .dta import DomainTransitionAnalysis ++# from .dta import DomainTransitionAnalysis # Policy difference from .diff import PolicyDifference diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 0aaf13f..5b1ea20 100644 +index 4608b9d..2cde44c 100644 --- a/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py @@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem + QTreeWidgetItem -from setools import DomainTransitionAnalysis +from setools.dta import DomainTransitionAnalysis from ..logtosignal import LogHandlerToSignal from .analysistab import AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index b272a99..7b05945 100644 +index 7bca299..7fee277 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem + QTreeWidgetItem -from setools import InfoFlowAnalysis +from setools.infoflow import InfoFlowAnalysis from setools.exception import UnmappedClass, UnmappedPermission from ..logtosignal import LogHandlerToSignal diff --git a/tests/dta.py b/tests/dta.py -index be04ae4..de4f337 100644 +index a0cc938..177e6fb 100644 --- a/tests/dta.py +++ b/tests/dta.py @@ -18,7 +18,7 @@ @@ -119,10 +120,10 @@ index be04ae4..de4f337 100644 -from setools import DomainTransitionAnalysis +from setools.dta import DomainTransitionAnalysis from setools import TERuletype as TERT - from setools.policyrep.exception import InvalidType - from setools.policyrep.libpolicyrep import Type + from setools.exception import InvalidType + from setools.policyrep import Type diff --git a/tests/infoflow.py b/tests/infoflow.py -index 87bb1b0..dc1e7b9 100644 +index aa0e44a..fca2848 100644 --- a/tests/infoflow.py +++ b/tests/infoflow.py @@ -18,7 +18,7 @@ @@ -132,8 +133,8 @@ index 87bb1b0..dc1e7b9 100644 -from setools import InfoFlowAnalysis +from setools.infoflow import InfoFlowAnalysis from setools import TERuletype as TERT + from setools.exception import InvalidType from setools.permmap import PermissionMap - from setools.policyrep.exception import InvalidType -- -2.14.3 +2.17.1 diff --git a/setools.spec b/setools.spec index e2746c4..62dbd6d 100644 --- a/setools.spec +++ b/setools.spec @@ -1,4 +1,4 @@ -%global setools_pre_ver beta +%global setools_pre_ver rc # % global gitver f1e5b20 %global sepol_ver 2.8-1 @@ -6,7 +6,7 @@ Name: setools Version: 4.2.0 -Release: 0.2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 0.3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -142,6 +142,9 @@ rm -rf %{buildroot}%{_bindir} %{_mandir}/man1/apol* %changelog +* Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc +- Update upstream source to 4.2.0-rc + * Wed Sep 19 2018 Vit Mojzis - 4.2.0-0.2.beta - Require userspace release 2.8 - setools-gui requires python3-setools diff --git a/sources b/sources index e4abbd6..698097f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.2.0-beta.tar.gz) = 97d27d16d0aa0c6346e42eb0948114c52e1d25f29a33827c3f4663311e134bd4195eb54b38e4b5fe99b3f6a28a7aa2c90043ebab16c1e0407f4663133cc815b8 +SHA512 (4.2.0-rc.tar.gz) = 0bd0921d945b96b6126a0e7bbb9497881a12784fea54573c0a87655979f25c14406406bede55ccbcfce54c256f55a764c11424167dced8aa76b0d3892aaec20f From 522fb13c602a5b687691f7230fe6c430ec534817 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Wed, 14 Nov 2018 17:12:12 +0100 Subject: [PATCH 10/78] setools-4.2.0-1 - Changes since 4.2.0-rc -- Restored missing statement() methods in some policyrep classes -- Fixed NULL pointer dereference when iterating over type attributes when the policy has none -- Added xdp_socket permission mapping --- .gitignore | 1 + ...ap_-macros-are-defined-in-byteswap.h.patch | 26 ---- 0004-Add-support-for-SCTP-protocol.patch | 131 ------------------ ... 1001-Do-not-use-Werror-during-build.patch | 0 ...e-setools.InfoFlowAnalysis-and-setoo.patch | 0 setools.spec | 13 +- sources | 2 +- 7 files changed, 9 insertions(+), 164 deletions(-) delete mode 100644 0003-bswap_-macros-are-defined-in-byteswap.h.patch delete mode 100644 0004-Add-support-for-SCTP-protocol.patch rename 0001-Do-not-use-Werror-during-build.patch => 1001-Do-not-use-Werror-during-build.patch (100%) rename 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch => 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch (100%) diff --git a/.gitignore b/.gitignore index cdc5f37..d309c49 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.1.1.tar.gz /4.2.0-beta.tar.gz /4.2.0-rc.tar.gz +/4.2.0.tar.gz diff --git a/0003-bswap_-macros-are-defined-in-byteswap.h.patch b/0003-bswap_-macros-are-defined-in-byteswap.h.patch deleted file mode 100644 index f5445a9..0000000 --- a/0003-bswap_-macros-are-defined-in-byteswap.h.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 10 Aug 2017 08:23:47 +0200 -Subject: [PATCH] bswap_* macros are defined in byteswap.h - -Fixes ImportError on s390x: -/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32 ---- - libqpol/policy.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/libqpol/policy.c b/libqpol/policy.c -index ae3acb5..e412be0 100644 ---- a/libqpol/policy.c -+++ b/libqpol/policy.c -@@ -28,6 +28,7 @@ - - #include "qpol_internal.h" - #include -+#include - #include - #include - #include --- -2.13.3 - diff --git a/0004-Add-support-for-SCTP-protocol.patch b/0004-Add-support-for-SCTP-protocol.patch deleted file mode 100644 index 4223a46..0000000 --- a/0004-Add-support-for-SCTP-protocol.patch +++ /dev/null @@ -1,131 +0,0 @@ -From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 16 Apr 2018 20:46:20 +0200 -Subject: [PATCH] Add support for SCTP protocol - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333 - -Signed-off-by: Vit Mojzis ---- - libqpol/include/qpol/linux_types.h | 1 + - libqpol/policy_define.c | 5 +++++ - setools/perm_map | 30 ++++++++++++++++++++++++++++++ - setools/policyrep/netcontext.py | 5 +++++ - 4 files changed, 41 insertions(+) - -diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h -index c3c056b..0985162 100644 ---- a/libqpol/include/qpol/linux_types.h -+++ b/libqpol/include/qpol/linux_types.h -@@ -12,6 +12,7 @@ typedef uint16_t __u16; - #define s6_addr32 __u6_addr32 - - #define IPPROTO_DCCP 33 -+#define IPPROTO_SCTP 132 - #endif - - #endif -diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c -index dcc69fc..1e623a3 100644 ---- a/libqpol/policy_define.c -+++ b/libqpol/policy_define.c -@@ -44,6 +44,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high) - protocol = IPPROTO_UDP; - } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { - protocol = IPPROTO_DCCP; -+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { -+ protocol = IPPROTO_SCTP; - } else { - yyerror2("unrecognized protocol %s", id); - goto bad; -diff --git a/setools/perm_map b/setools/perm_map -index 0a9f91c..25fae09 100644 ---- a/setools/perm_map -+++ b/setools/perm_map -@@ -385,6 +385,8 @@ class node 11 - udp_send w 10 - dccp_recv r 10 - dccp_send w 10 -+ sctp_recv r 10 -+ sctp_send w 10 - enforce_dest n 1 - sendto w 10 - recvfrom r 10 -@@ -699,6 +701,32 @@ class dccp_socket 24 - relabelto w 10 - listen r 1 - -+class sctp_socket 24 -+ node_bind n 1 -+ name_connect w 10 -+ append w 10 -+ bind w 1 -+ connect w 1 -+ create w 1 -+ write w 10 -+ relabelfrom r 10 -+ ioctl n 1 -+ name_bind n 1 -+ sendto w 10 -+ recv_msg r 10 -+ send_msg w 10 -+ getattr r 7 -+ setattr w 7 -+ accept r 1 -+ getopt r 1 -+ read r 10 -+ setopt w 1 -+ shutdown w 1 -+ recvfrom r 10 -+ lock n 1 -+ relabelto w 10 -+ listen r 1 -+ - class netlink_firewall_socket 24 - nlmsg_write w 10 - nlmsg_read r 10 -@@ -984,6 +1012,8 @@ class netif 10 - udp_send w 10 - dccp_recv r 10 - dccp_send w 10 -+ sctp_recv r 10 -+ sctp_send w 10 - - class packet_socket 22 - append w 10 -diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py -index c7076d2..2d890f3 100644 ---- a/setools/policyrep/netcontext.py -+++ b/setools/policyrep/netcontext.py -@@ -38,6 +38,10 @@ try: - IPPROTO_DCCP = getprotobyname("dccp") - except socket.error: - IPPROTO_DCCP = 33 -+try: -+ IPPROTO_SCTP = getprotobyname("sctp") -+except socket.error: -+ IPPROTO_SCTP = 132 - - - def netifcon_factory(policy, name): -@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum): - tcp = IPPROTO_TCP - udp = IPPROTO_UDP - dccp = IPPROTO_DCCP -+ sctp = IPPROTO_SCTP - - - class Portcon(NetContext): --- -2.14.3 - diff --git a/0001-Do-not-use-Werror-during-build.patch b/1001-Do-not-use-Werror-during-build.patch similarity index 100% rename from 0001-Do-not-use-Werror-during-build.patch rename to 1001-Do-not-use-Werror-during-build.patch diff --git a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch similarity index 100% rename from 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch rename to 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch diff --git a/setools.spec b/setools.spec index 62dbd6d..17bf9a3 100644 --- a/setools.spec +++ b/setools.spec @@ -1,4 +1,4 @@ -%global setools_pre_ver rc +# % global setools_pre_ver rc # % global gitver f1e5b20 %global sepol_ver 2.8-1 @@ -6,7 +6,7 @@ Name: setools Version: 4.2.0 -Release: 0.3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -14,8 +14,8 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch1: 0001-Do-not-use-Werror-during-build.patch -Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +Patch1001: 1001-Do-not-use-Werror-during-build.patch +Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -105,8 +105,6 @@ CFLAGS="%{optflags}" %{__python3} setup.py build %install -rm -rf %{buildroot} -rm -rf %{buildroot}%{_bindir} %{__python3} setup.py install --root %{buildroot} %check @@ -142,6 +140,9 @@ rm -rf %{buildroot}%{_bindir} %{_mandir}/man1/apol* %changelog +* Wed Nov 14 2018 Vit Mojzis - 4.2.0-1 +- Update source to SETools 4.2.0 release + * Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc - Update upstream source to 4.2.0-rc diff --git a/sources b/sources index 698097f..7f09bef 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.2.0-rc.tar.gz) = 0bd0921d945b96b6126a0e7bbb9497881a12784fea54573c0a87655979f25c14406406bede55ccbcfce54c256f55a764c11424167dced8aa76b0d3892aaec20f +SHA512 (4.2.0.tar.gz) = b51f458f7f2d1b569f63478f53709268615f711104915cc2d5031b2049435e4f43a103ebe50c9797ebe4b2645bf1974c73c2f53e7f602ae03c47221edb89d680 From 0818b3952b4def536439e46a0982ec87c89b9e20 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 2 Feb 2019 15:14:20 +0000 Subject: [PATCH 11/78] - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index a45b1c8..35001d2 100644 --- a/setools.spec +++ b/setools.spec @@ -11,7 +11,7 @@ Name: setools Version: 4.1.1 -Release: 13%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 14%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -184,6 +184,9 @@ popd %{_mandir}/man1/apol* %changelog +* Sat Feb 02 2019 Fedora Release Engineering - 4.1.1-14 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + * Wed Aug 29 2018 Vit Mojzis - 4.1.1-13 - Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) From aae45ee4799a18c2289b0b0ea2a8e6e46d231d87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Wed, 13 Feb 2019 01:09:32 +0100 Subject: [PATCH 12/78] https://fedoraproject.org/wiki/Changes/Python_Extension_Flags --- setools.spec | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/setools.spec b/setools.spec index 35001d2..abbfc54 100644 --- a/setools.spec +++ b/setools.spec @@ -125,8 +125,7 @@ cp -a ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} ../setools-%{ %build -# Remove CFLAGS=... for noarch packages (unneeded) -CFLAGS="%{optflags}" %{__python3} setup.py build +%py3_build pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 # Remove CFLAGS=... for noarch packages (unneeded) @@ -141,7 +140,7 @@ pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 popd rm -rf %{buildroot}%{_bindir} -%{__python3} setup.py install --root %{buildroot} +%py3_install %check %if %{?_with_check:1}%{!?_with_check:0} From 5443cd02b99f9a64b703e95f61297f32b8e47b73 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 26 Jul 2019 23:07:24 +0000 Subject: [PATCH 13/78] - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index abbfc54..0921554 100644 --- a/setools.spec +++ b/setools.spec @@ -11,7 +11,7 @@ Name: setools Version: 4.1.1 -Release: 14%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 15%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -183,6 +183,9 @@ popd %{_mandir}/man1/apol* %changelog +* Fri Jul 26 2019 Fedora Release Engineering - 4.1.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + * Sat Feb 02 2019 Fedora Release Engineering - 4.1.1-14 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild From 082b752534ef54a49adbb7c2e1da779fa2257599 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Thu, 9 Aug 2018 16:34:27 +0200 Subject: [PATCH 14/78] SETools 4.2.2 release - Replaced the Python/SWIG/static-linked-libsepol policyrep module with a Cython implementation. This will have performance and memory-usage improvements and breaks the static linking to libsepol. - Significant memory usage reduction in sediff (approximately 60%, depending on the policies). - Added support for SCTP portcons - Updated permission maps - Support for Python 2.7 was dropped - Drop python2 subpackage (4.2.0 no longer supports python2) - Require userspace release 2.9 - setools-gui requires python3-setools - Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) - Fixed performance regressions - Made further memory usage improvements - Fixed build issues with clean target and runtime_library_dirs - Revised package structure to make policyrep a module of the setools package - Symbol names are now available as the name attribute (e.g. Boolean.name, Type.name, etc.) - Fixed some apol layouts to increase the size of text fields - Move constraint expression to its own class - Made Conditional.evaluate() more useful and added BaseTERule.enabled() method to determine if a rule is enabled - Restored missing statement() methods in some policyrep classes - Fixed NULL pointer dereference when iterating over type attributes when the policy has none - Added xdp_socket permission mapping - SELinuxPolicy: Create a map of aliases on policy load - Remove source policy references from man pages, as loading source policies is no longer supported. - Fix a performance regression in alias loading after alias dereferencing fixes in 4.2.1 --- .gitignore | 5 + ...ap_-macros-are-defined-in-byteswap.h.patch | 26 --- 0004-Add-support-for-SCTP-protocol.patch | 158 ------------------ ... 1001-Do-not-use-Werror-during-build.patch | 16 +- ...e-setools.InfoFlowAnalysis-and-setoo.patch | 87 +++++----- setools.spec | 96 ++++------- sources | 2 +- 7 files changed, 91 insertions(+), 299 deletions(-) delete mode 100644 0003-bswap_-macros-are-defined-in-byteswap.h.patch delete mode 100644 0004-Add-support-for-SCTP-protocol.patch rename 0001-Do-not-use-Werror-during-build.patch => 1001-Do-not-use-Werror-during-build.patch (81%) rename 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch => 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch (67%) diff --git a/.gitignore b/.gitignore index 255e868..3053379 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,8 @@ setools-3.3.8.tar.bz2 setools-3.3.8-f1e5b20.tar.bz2 /4.1.0.tar.gz /4.1.1.tar.gz +/4.2.0-beta.tar.gz +/4.2.0-rc.tar.gz +/4.2.0.tar.gz +/4.2.1.tar.gz +/4.2.2.tar.gz diff --git a/0003-bswap_-macros-are-defined-in-byteswap.h.patch b/0003-bswap_-macros-are-defined-in-byteswap.h.patch deleted file mode 100644 index f5445a9..0000000 --- a/0003-bswap_-macros-are-defined-in-byteswap.h.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 10 Aug 2017 08:23:47 +0200 -Subject: [PATCH] bswap_* macros are defined in byteswap.h - -Fixes ImportError on s390x: -/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32 ---- - libqpol/policy.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/libqpol/policy.c b/libqpol/policy.c -index ae3acb5..e412be0 100644 ---- a/libqpol/policy.c -+++ b/libqpol/policy.c -@@ -28,6 +28,7 @@ - - #include "qpol_internal.h" - #include -+#include - #include - #include - #include --- -2.13.3 - diff --git a/0004-Add-support-for-SCTP-protocol.patch b/0004-Add-support-for-SCTP-protocol.patch deleted file mode 100644 index f22a538..0000000 --- a/0004-Add-support-for-SCTP-protocol.patch +++ /dev/null @@ -1,158 +0,0 @@ -From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Mon, 16 Apr 2018 20:46:20 +0200 -Subject: [PATCH] Add support for SCTP protocol - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333 - -Signed-off-by: Vit Mojzis ---- - libqpol/include/qpol/linux_types.h | 1 + - libqpol/policy_define.c | 5 +++++ - setools/perm_map | 36 +++++++++++++++++++++++++++--- - setools/policyrep/netcontext.py | 5 +++++ - 4 files changed, 44 insertions(+), 3 deletions(-) - -diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h -index c3c056b..0985162 100644 ---- a/libqpol/include/qpol/linux_types.h -+++ b/libqpol/include/qpol/linux_types.h -@@ -12,6 +12,7 @@ typedef uint16_t __u16; - #define s6_addr32 __u6_addr32 - - #define IPPROTO_DCCP 33 -+#define IPPROTO_SCTP 132 - #endif - - #endif -diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c -index dcc69fc..1e623a3 100644 ---- a/libqpol/policy_define.c -+++ b/libqpol/policy_define.c -@@ -44,6 +44,9 @@ - #ifndef IPPROTO_DCCP - #define IPPROTO_DCCP 33 - #endif -+#ifndef IPPROTO_SCTP -+#define IPPROTO_SCTP 132 -+#endif - #include - #include - #include -@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high) - protocol = IPPROTO_UDP; - } else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) { - protocol = IPPROTO_DCCP; -+ } else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) { -+ protocol = IPPROTO_SCTP; - } else { - yyerror2("unrecognized protocol %s", id); - goto bad; -diff --git a/setools/perm_map b/setools/perm_map -index 0a9f91c..8bd34f5 100644 ---- a/setools/perm_map -+++ b/setools/perm_map -@@ -27,7 +27,7 @@ - # Look to the examples below for further clarification. - # - # Number of object classes. --95 -+96 - - class netlink_audit_socket 27 - nlmsg_relay w 10 -@@ -376,7 +376,7 @@ class file 22 - quotaon b 1 - swapon b 1 - --class node 11 -+class node 13 - rawip_recv r 10 - tcp_recv r 10 - udp_recv r 10 -@@ -385,6 +385,8 @@ class node 11 - udp_send w 10 - dccp_recv r 10 - dccp_send w 10 -+ sctp_recv r 10 -+ sctp_send w 10 - enforce_dest n 1 - sendto w 10 - recvfrom r 10 -@@ -699,6 +701,32 @@ class dccp_socket 24 - relabelto w 10 - listen r 1 - -+class sctp_socket 24 -+ node_bind n 1 -+ name_connect w 10 -+ append w 10 -+ bind w 1 -+ connect w 1 -+ create w 1 -+ write w 10 -+ relabelfrom r 10 -+ ioctl n 1 -+ name_bind n 1 -+ sendto w 10 -+ recv_msg r 10 -+ send_msg w 10 -+ getattr r 7 -+ setattr w 7 -+ accept r 1 -+ getopt r 1 -+ read r 10 -+ setopt w 1 -+ shutdown w 1 -+ recvfrom r 10 -+ lock n 1 -+ relabelto w 10 -+ listen r 1 -+ - class netlink_firewall_socket 24 - nlmsg_write w 10 - nlmsg_read r 10 -@@ -973,7 +1001,7 @@ class key_socket 22 - relabelto w 10 - listen r 1 - --class netif 10 -+class netif 12 - rawip_recv r 10 - tcp_recv r 10 - udp_recv r 10 -@@ -984,6 +1012,8 @@ class netif 10 - udp_send w 10 - dccp_recv r 10 - dccp_send w 10 -+ sctp_recv r 10 -+ sctp_send w 10 - - class packet_socket 22 - append w 10 -diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py -index 9a01fc5..630b42c 100644 ---- a/setools/policyrep/netcontext.py -+++ b/setools/policyrep/netcontext.py -@@ -35,6 +35,10 @@ try: - IPPROTO_DCCP = getprotobyname("dccp") - except socket.error: - IPPROTO_DCCP = 33 -+try: -+ IPPROTO_SCTP = getprotobyname("sctp") -+except socket.error: -+ IPPROTO_SCTP = 132 - - - def netifcon_factory(policy, name): -@@ -161,6 +165,7 @@ class PortconProtocol(int, PolicyEnum): - tcp = IPPROTO_TCP - udp = IPPROTO_UDP - dccp = IPPROTO_DCCP -+ sctp = IPPROTO_SCTP - - - class Portcon(NetContext): --- -2.18.0 - diff --git a/0001-Do-not-use-Werror-during-build.patch b/1001-Do-not-use-Werror-during-build.patch similarity index 81% rename from 0001-Do-not-use-Werror-during-build.patch rename to 1001-Do-not-use-Werror-during-build.patch index ff4523c..60f11e2 100644 --- a/0001-Do-not-use-Werror-during-build.patch +++ b/1001-Do-not-use-Werror-during-build.patch @@ -1,7 +1,7 @@ -From 617c3ae83c1c72ead627a57e1529724c62df807f Mon Sep 17 00:00:00 2001 +From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 23 Feb 2017 08:17:07 +0100 -Subject: [PATCH 1/2] Do not use -Werror during build +Subject: [PATCH 2/3] Do not use -Werror during build MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit @@ -32,18 +32,18 @@ error: command 'gcc' failed with exit status 1 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py -index 2ca44c9..9319bf6 100644 +index c94daf1..a7442ac 100644 --- a/setup.py +++ b/setup.py -@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol', - 'libqpol/policy_scan.c', - 'libqpol/xen_query.c'], - include_dirs=include_dirs, +@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], + libraries=['selinux', 'sepol'], + library_dirs=lib_dirs, + define_macros=macros, - extra_compile_args=['-Werror', '-Wextra', + extra_compile_args=['-Wextra', '-Waggregate-return', '-Wfloat-equal', '-Wformat', '-Wformat=2', -- -2.9.3 +2.17.2 diff --git a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch similarity index 67% rename from 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch rename to 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index a5d982a..3057072 100644 --- a/0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,7 +1,7 @@ -From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 23 Feb 2017 08:17:07 +0100 -Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and +From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Fri, 26 Apr 2019 15:27:25 +0200 +Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis dta and infoflow modules require networkx which brings lot of dependencies. @@ -12,28 +12,29 @@ Therefore it's better to use setools.infoflow.InfoFlowAnalysis and setools.dta.DomainTransitionAnalysis and let the package containing sedta and seinfoflow to require python3-networkx --- - sedta | 3 ++- - seinfoflow | 3 ++- - setools/__init__.py | 4 ++-- + sedta | 4 ++-- + seinfoflow | 4 ++-- + setools/__init__.py | 4 ---- setoolsgui/apol/dta.py | 2 +- setoolsgui/apol/infoflow.py | 2 +- - tests/dta.py | 3 ++- - tests/infoflow.py | 3 ++- - 7 files changed, 12 insertions(+), 8 deletions(-) + tests/dta.py | 2 +- + tests/infoflow.py | 2 +- + 7 files changed, 8 insertions(+), 12 deletions(-) diff --git a/sedta b/sedta -index 1c76ebb..255ad49 100755 +index 60861ca..41e38a2 100755 --- a/sedta +++ b/sedta -@@ -23,6 +23,7 @@ import argparse +@@ -22,7 +22,7 @@ import argparse import logging + import signal - import setools +-import setools +import setools.dta def print_transition(trans): -@@ -111,7 +112,7 @@ else: +@@ -114,7 +114,7 @@ else: try: p = setools.SELinuxPolicy(args.policy) @@ -43,18 +44,19 @@ index 1c76ebb..255ad49 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/seinfoflow b/seinfoflow -index b287921..d53bdef 100755 +index 97b14ba..e7f965d 100755 --- a/seinfoflow +++ b/seinfoflow -@@ -19,6 +19,7 @@ +@@ -17,7 +17,7 @@ + # along with SETools. If not, see . + # - from __future__ import print_function - import setools +-import setools +import setools.infoflow import argparse import sys import logging -@@ -79,7 +80,7 @@ else: +@@ -81,7 +81,7 @@ else: try: p = setools.SELinuxPolicy(args.policy) m = setools.PermissionMap(args.map) @@ -64,77 +66,74 @@ index b287921..d53bdef 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/setools/__init__.py b/setools/__init__.py -index a84c846..a53c5a7 100644 +index 7b70f5e..5a5f7fe 100644 --- a/setools/__init__.py +++ b/setools/__init__.py -@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery +@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery from .devicetreeconquery import DevicetreeconQuery # Information Flow Analysis -from .infoflow import InfoFlowAnalysis -+# from .infoflow import InfoFlowAnalysis from .permmap import PermissionMap - # Domain Transition Analysis +-# Domain Transition Analysis -from .dta import DomainTransitionAnalysis -+# from .dta import DomainTransitionAnalysis - +- # Policy difference from .diff import PolicyDifference + diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 0aaf13f..5b1ea20 100644 +index 4608b9d..2cde44c 100644 --- a/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py @@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem + QTreeWidgetItem -from setools import DomainTransitionAnalysis +from setools.dta import DomainTransitionAnalysis from ..logtosignal import LogHandlerToSignal from .analysistab import AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 1ae16de..fdf8f7b 100644 +index 7bca299..7fee277 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py -@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread +@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem + QTreeWidgetItem -from setools import InfoFlowAnalysis +from setools.infoflow import InfoFlowAnalysis from setools.exception import UnmappedClass, UnmappedPermission from ..logtosignal import LogHandlerToSignal diff --git a/tests/dta.py b/tests/dta.py -index 32b9271..2bdd052 100644 +index a0cc938..177e6fb 100644 --- a/tests/dta.py +++ b/tests/dta.py -@@ -17,7 +17,8 @@ - # +@@ -18,7 +18,7 @@ + import os import unittest --from setools import SELinuxPolicy, DomainTransitionAnalysis -+from setools import SELinuxPolicy +-from setools import DomainTransitionAnalysis +from setools.dta import DomainTransitionAnalysis from setools import TERuletype as TERT - from setools.policyrep.exception import InvalidType - from setools.policyrep.typeattr import Type + from setools.exception import InvalidType + from setools.policyrep import Type diff --git a/tests/infoflow.py b/tests/infoflow.py -index 7751dda..a21c683 100644 +index aa0e44a..fca2848 100644 --- a/tests/infoflow.py +++ b/tests/infoflow.py -@@ -17,7 +17,8 @@ - # +@@ -18,7 +18,7 @@ + import os import unittest --from setools import SELinuxPolicy, InfoFlowAnalysis -+from setools import SELinuxPolicy +-from setools import InfoFlowAnalysis +from setools.infoflow import InfoFlowAnalysis from setools import TERuletype as TERT + from setools.exception import InvalidType from setools.permmap import PermissionMap - from setools.policyrep.exception import InvalidType -- -2.9.3 +2.17.2 diff --git a/setools.spec b/setools.spec index 0921554..cc3562f 100644 --- a/setools.spec +++ b/setools.spec @@ -1,17 +1,13 @@ -# sitelib for noarch packages, sitearch for others (remove the unneeded one) -%{!?__python2: %global __python2 %__python} -%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")} -%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")} - -# % global setools_pre_ver beta.1.8e09d95 +# % global setools_pre_ver rc # % global gitver f1e5b20 -%global sepol_ver 2.8-1 -%global selinux_ver 2.8-1 +%global sepol_ver 2.9-1 +%global selinux_ver 2.9-1 + Name: setools -Version: 4.1.1 -Release: 15%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Version: 4.2.2 +Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -19,10 +15,8 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch1: 0001-Do-not-use-Werror-during-build.patch -Patch2: 0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch -Patch3: 0003-bswap_-macros-are-defined-in-byteswap.h.patch -Patch4: 0004-Add-support-for-SCTP-protocol.patch +Patch1001: 1001-Do-not-use-Werror-during-build.patch +Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -30,10 +24,10 @@ BuildRequires: glibc-devel, gcc, git BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} BuildRequires: qt5-qtbase-devel BuildRequires: swig -BuildRequires: python2-devel -BuildRequires: python2-setuptools +BuildRequires: python3-Cython BuildRequires: python3-devel BuildRequires: python3-setuptools +BuildRequires: libselinux-devel # BuildArch: Requires: python3-%{name} = %{version}-%{release} @@ -76,30 +70,11 @@ This package includes the following console tools: seinfoflow Perform information flow analyses. -%package -n python2-setools -Summary: Policy analysis tools for SELinux -Recommends: python2-libselinux -%{?python_provide:%python_provide python2-setools} -# Remove before F30 -Provides: %{name}-python = %{version}-%{release} -Provides: %{name}-python%{?_isa} = %{version}-%{release} -Obsoletes: %{name}-python < %{version}-%{release} -Requires: python2-enum34 -Requires: python2-setuptools - -%description -n python2-setools -SETools is a collection of graphical tools, command-line tools, and -Python 2 modules designed to facilitate SELinux policy analysis. - %package -n python3-setools Summary: Policy analysis tools for SELinux Obsoletes: setools-libs < 4.0.0 Recommends: libselinux-python3 -%{?python_provide:%python_provide python2-setools} -# Remove before F30 -Provides: %{name}-python3 = %{version}-%{release} -Provides: %{name}-python3%{?_isa} = %{version}-%{release} -Obsoletes: %{name}-python3 < %{version}-%{release} +%{?python_provide:%python_provide python3-setools} Requires: python3-setuptools %description -n python3-setools @@ -119,36 +94,19 @@ Python modules designed to facilitate SELinux policy analysis. %prep -%autosetup -p 1 -S git - -cp -a ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 +%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} %build %py3_build -pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 -# Remove CFLAGS=... for noarch packages (unneeded) -CFLAGS="%{optflags}" %{__python2} setup.py build -popd - %install -rm -rf %{buildroot} -pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 -%{__python2} setup.py install --root %{buildroot} -popd - -rm -rf %{buildroot}%{_bindir} %py3_install %check %if %{?_with_check:1}%{!?_with_check:0} %{__python3} setup.py test - -pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2 -%{__python2} setup.py test -popd %endif @@ -168,10 +126,6 @@ popd %{_mandir}/man1/sedta* %{_mandir}/man1/seinfoflow* -%files -n python2-setools -%license COPYING COPYING.GPL COPYING.LGPL -%{python2_sitearch}/* - %files -n python3-setools %license COPYING COPYING.GPL COPYING.LGPL %{python3_sitearch}/setools @@ -183,11 +137,29 @@ popd %{_mandir}/man1/apol* %changelog -* Fri Jul 26 2019 Fedora Release Engineering - 4.1.1-15 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild +* Mon Jul 08 2019 Vit Mojzis - 4.2.2-1} +- SETools 4.2.2 release -* Sat Feb 02 2019 Fedora Release Engineering - 4.1.1-14 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild +* Mon May 13 2019 Vit Mojzis - 4.2.1-3 +- Use %set_build_flags instead of %optflags + +* Mon May 06 2019 Vit Mojzis - 4.2.1-2 +- SELinuxPolicy: Create a map of aliases on policy load (#1672631) + +* Tue Mar 26 2019 Petr Lautrbach - 4.2.1-1 +- SETools 4.2.1 release (#1581761, #1595582) + +* Wed Nov 14 2018 Vit Mojzis - 4.2.0-1 +- Update source to SETools 4.2.0 release + +* Mon Oct 01 2018 Vit Mojzis - 4.2.0-0.3.rc +- Update upstream source to 4.2.0-rc + +* Wed Sep 19 2018 Vit Mojzis - 4.2.0-0.2.beta +- Require userspace release 2.8 +- setools-gui requires python3-setools +- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371) +- Drop python2 subpackage (4.2.0 no longer supports python2) * Wed Aug 29 2018 Vit Mojzis - 4.1.1-13 - Add Requires for python[23]-setuptools - no longer required (just recommended) diff --git a/sources b/sources index 7fde505..9666cef 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.1.1.tar.gz) = 2e55a3b07e2f94d7c84054f31d266567b9acc708fe2b0e16ac3ea24e8301c712bcf564ff915a6135a1a6ba6822682bb3a6530dae20161a832fb7048364acbd04 +SHA512 (4.2.2.tar.gz) = 5044b04d0895ffe31557b3b71bb277ab49710a6066485c8f204ce7858abab259f973000f1fcfde0149ed4e33a50103984939dcc68ce322d70e9e927e81d4f798 From 1d41610e25a5dfd8a162ef4584dd8e4d9c4b3947 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 2 Aug 2019 10:27:19 +0200 Subject: [PATCH 15/78] Add initial set of tests - Tier1 SELinux components tests for Sanity - policycoreutils and checkpolicy tests as they depend and use SETools --- tests/tests.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 tests/tests.yml diff --git a/tests/tests.yml b/tests/tests.yml new file mode 100644 index 0000000..0f4f3a4 --- /dev/null +++ b/tests/tests.yml @@ -0,0 +1,11 @@ +--- +# Test to run in classic context +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + repositories: + - repo: "https://src.fedoraproject.org/tests/selinux.git" + dest: "selinux" + fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy" From 5f644f84d19b5af0216f8743352b38e88c386cf2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 19 Aug 2019 11:05:46 +0200 Subject: [PATCH 16/78] Rebuilt for Python 3.8 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index cc3562f..09578a6 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.2.2 -Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -137,6 +137,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/man1/apol* %changelog +* Mon Aug 19 2019 Miro Hrončok - 4.2.2-2 +- Rebuilt for Python 3.8 + * Mon Jul 08 2019 Vit Mojzis - 4.2.2-1} - SETools 4.2.2 release From 2598e73c59fc751dd680b7bc903292c0f0822759 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 3 Oct 2019 14:38:40 +0200 Subject: [PATCH 17/78] Rebuilt for Python 3.8.0rc1 (#1748018) --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 09578a6..6d41105 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.2.2 -Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -137,6 +137,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/man1/apol* %changelog +* Thu Oct 03 2019 Miro Hrončok - 4.2.2-3 +- Rebuilt for Python 3.8.0rc1 (#1748018) + * Mon Aug 19 2019 Miro Hrončok - 4.2.2-2 - Rebuilt for Python 3.8 From b5ddd6cd6d3100b90801eff0efbadef34f0086a7 Mon Sep 17 00:00:00 2001 From: Milos Malik Date: Tue, 22 Oct 2019 09:06:14 +0200 Subject: [PATCH 18/78] Add new test for sedta utility Basic test which covers the sedta tool. - test invalid values - test transitivity, reflexivity, non-existent relation etc --- tests/Sanity/sedta/Makefile | 63 ++++++++++++++++++++++ tests/Sanity/sedta/PURPOSE | 3 ++ tests/Sanity/sedta/runtest.sh | 88 +++++++++++++++++++++++++++++++ tests/Sanity/sedta/testpolicy.cil | 21 ++++++++ 4 files changed, 175 insertions(+) create mode 100644 tests/Sanity/sedta/Makefile create mode 100644 tests/Sanity/sedta/PURPOSE create mode 100755 tests/Sanity/sedta/runtest.sh create mode 100644 tests/Sanity/sedta/testpolicy.cil diff --git a/tests/Sanity/sedta/Makefile b/tests/Sanity/sedta/Makefile new file mode 100644 index 0000000..e45b9de --- /dev/null +++ b/tests/Sanity/sedta/Makefile @@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/setools/Sanity/sedta +# Description: Does sedta work as expected? Does it support all features? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2019 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/setools/Sanity/sedta +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Milos Malik " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Does sedta work as expected? Does it support all features?" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 1h" >> $(METADATA) + @echo "RunFor: setools" >> $(METADATA) + @echo "Requires: policycoreutils setools-console-analyses" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Releases: -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) + diff --git a/tests/Sanity/sedta/PURPOSE b/tests/Sanity/sedta/PURPOSE new file mode 100644 index 0000000..db04487 --- /dev/null +++ b/tests/Sanity/sedta/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of /CoreOS/setools/Sanity/sedta +Description: Does sedta work as expected? Does it support all features? +Author: Milos Malik diff --git a/tests/Sanity/sedta/runtest.sh b/tests/Sanity/sedta/runtest.sh new file mode 100755 index 0000000..4fb0483 --- /dev/null +++ b/tests/Sanity/sedta/runtest.sh @@ -0,0 +1,88 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/setools/Sanity/sedta +# Description: Does sedta work as expected? Does it support all features? +# Author: Milos Malik +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2019 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="setools" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm ${PACKAGE}-console-analyses + OUTPUT_FILE=`mktemp` + rlRun "semodule -i testpolicy.cil" + rlRun "semodule -l | grep testpolicy" + rlPhaseEnd + + rlPhaseStartTest "invalid values" + rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}" + rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}" + rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}" + rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1 + rlRun "grep -i 'must be positive' ${OUTPUT_FILE}" + rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}" + rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}" + rlPhaseEnd + + rlPhaseStartTest "valid values" + # transitivity + rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + # reflexivity + rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}" + # path is longer than limit + rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}" + rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}" + # non-existent relation + rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}" + rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}" + # non-existent relation + rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}" + rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}" + rlPhaseEnd + + rlPhaseStartCleanup + rlRun "semodule -r testpolicy" + rlRun "semodule -l | grep testpolicy" 1 + rm -f ${OUTPUT_FILE} + rlPhaseEnd +rlJournalPrintText +rlJournalEnd + diff --git a/tests/Sanity/sedta/testpolicy.cil b/tests/Sanity/sedta/testpolicy.cil new file mode 100644 index 0000000..cc39d72 --- /dev/null +++ b/tests/Sanity/sedta/testpolicy.cil @@ -0,0 +1,21 @@ +( type xyz_t ) + +( type first_t ) +( type first_exec_t ) +( type second_t ) +( type second_exec_t ) +( type third_t ) +( type third_exec_t ) + +( typetransition first_t second_exec_t process second_t ) +( typetransition second_t third_exec_t process third_t ) + +( allow first_t second_exec_t ( file ( getattr open read execute ))) +( allow first_t second_t ( process ( transition ))) +( allow second_t third_exec_t ( file ( getattr open read execute ))) +( allow second_t third_t ( process ( transition ))) + +( allow first_t first_exec_t ( file ( entrypoint ))) +( allow second_t second_exec_t ( file ( entrypoint ))) +( allow third_t third_exec_t ( file ( entrypoint ))) + From b8e16f5ac16fe58f2739b1eea7be5e85ed553c2f Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 22 Oct 2019 10:49:40 +0200 Subject: [PATCH 19/78] tests: Add local Sanity/sedta to the testsuite --- tests/tests.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/tests.yml b/tests/tests.yml index 0f4f3a4..ee6dabb 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -9,3 +9,12 @@ - repo: "https://src.fedoraproject.org/tests/selinux.git" dest: "selinux" fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy" + +# Test to run in classic context +- hosts: localhost + roles: + - role: standard-test-beakerlib + tags: + - classic + tests: + - Sanity/sedta From 7f0685b7c91b7d11f274334c033c3b1bea0070c7 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 30 Jan 2020 23:16:58 +0000 Subject: [PATCH 20/78] - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 6d41105..ce41df3 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.2.2 -Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 4%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -137,6 +137,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/man1/apol* %changelog +* Thu Jan 30 2020 Fedora Release Engineering - 4.2.2-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + * Thu Oct 03 2019 Miro Hrončok - 4.2.2-3 - Rebuilt for Python 3.8.0rc1 (#1748018) From bb087c823660a3b4fdca41ca22845fe0f3a7d8c5 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 23 Mar 2020 20:51:22 +0100 Subject: [PATCH 21/78] setools-4.2.2-5 - setools requires -console, -console-analyses and -gui packages (#1794314) --- setools.spec | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/setools.spec b/setools.spec index ce41df3..11a37f2 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.2.2 -Release: 4%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -29,8 +29,9 @@ BuildRequires: python3-devel BuildRequires: python3-setuptools BuildRequires: libselinux-devel -# BuildArch: -Requires: python3-%{name} = %{version}-%{release} +Requires: %{name}-console = %{version}-%{release} +Requires: %{name}-console-analyses = %{version}-%{release} +Requires: %{name}-gui = %{version}-%{release} %description SETools is a collection of graphical tools, command-line tools, and @@ -137,6 +138,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/man1/apol* %changelog +* Mon Mar 23 2020 Petr Lautrbach - 4.2.2-5 +- setools requires -console, -console-analyses and -gui packages (#1794314) + * Thu Jan 30 2020 Fedora Release Engineering - 4.2.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild From 7a283c335f015e52b3b5c125eec2a7752a3baaa8 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 2 Apr 2020 16:13:04 +0200 Subject: [PATCH 22/78] SETools 4.3.0 release - Revised sediff method for TE rules. This drastically reduced memory and run time. - Added infiniband context support to seinfo, sediff, and apol. - Added apol configuration for location of Qt assistant. - Fixed sediff issue where properties header would display when not requested. - Fixed sediff issue with type_transition file name comparison. - Fixed permission map socket sendto information flow direction. - Added methods to TypeAttribute class to make it a complete Python collection. - Genfscon now will look up classes rather than using fixed values which were dropped from libsepol. --- .gitignore | 1 + ...e-setools.InfoFlowAnalysis-and-setoo.patch | 30 +++++++++---------- 1003-Require-networkx-on-package-level.patch | 24 +++++++++++++++ setools.spec | 24 +++++++++++++-- sources | 2 +- 5 files changed, 62 insertions(+), 19 deletions(-) create mode 100644 1003-Require-networkx-on-package-level.patch diff --git a/.gitignore b/.gitignore index 3053379..ba42a0d 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.2.0.tar.gz /4.2.1.tar.gz /4.2.2.tar.gz +/4.3.0.tar.gz diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index 3057072..a996069 100644 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,7 +1,7 @@ -From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001 +From 0575455a0abda5ee63c442433384268a959c4fbc Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Fri, 26 Apr 2019 15:27:25 +0200 -Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and +Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis dta and infoflow modules require networkx which brings lot of dependencies. @@ -22,7 +22,7 @@ sedta and seinfoflow to require python3-networkx 7 files changed, 8 insertions(+), 12 deletions(-) diff --git a/sedta b/sedta -index 60861ca..41e38a2 100755 +index 60861ca630a5..41e38a237b42 100755 --- a/sedta +++ b/sedta @@ -22,7 +22,7 @@ import argparse @@ -44,7 +44,7 @@ index 60861ca..41e38a2 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/seinfoflow b/seinfoflow -index 97b14ba..e7f965d 100755 +index f10c39de4d8e..fee749a83bb5 100755 --- a/seinfoflow +++ b/seinfoflow @@ -17,7 +17,7 @@ @@ -56,20 +56,20 @@ index 97b14ba..e7f965d 100755 import argparse import sys import logging -@@ -81,7 +81,7 @@ else: +@@ -101,7 +101,7 @@ elif args.booleans is not None: try: p = setools.SELinuxPolicy(args.policy) m = setools.PermissionMap(args.map) -- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) -+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude) +- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, ++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, + booleans=booleans) if args.shortest_path or args.all_paths: - if args.shortest_path: diff --git a/setools/__init__.py b/setools/__init__.py -index 7b70f5e..5a5f7fe 100644 +index 26fa5aa34a19..b7e51c43c4bb 100644 --- a/setools/__init__.py +++ b/setools/__init__.py -@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery +@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery from .devicetreeconquery import DevicetreeconQuery # Information Flow Analysis @@ -83,7 +83,7 @@ index 7b70f5e..5a5f7fe 100644 from .diff import PolicyDifference diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 4608b9d..2cde44c 100644 +index 4608b9dbf34e..2cde44c142e9 100644 --- a/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py @@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread @@ -96,7 +96,7 @@ index 4608b9d..2cde44c 100644 from ..logtosignal import LogHandlerToSignal from .analysistab import AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 7bca299..7fee277 100644 +index 7bca299d23fc..7fee2778f35f 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread @@ -109,7 +109,7 @@ index 7bca299..7fee277 100644 from ..logtosignal import LogHandlerToSignal diff --git a/tests/dta.py b/tests/dta.py -index a0cc938..177e6fb 100644 +index a0cc9381469c..177e6fb0b961 100644 --- a/tests/dta.py +++ b/tests/dta.py @@ -18,7 +18,7 @@ @@ -122,7 +122,7 @@ index a0cc938..177e6fb 100644 from setools.exception import InvalidType from setools.policyrep import Type diff --git a/tests/infoflow.py b/tests/infoflow.py -index aa0e44a..fca2848 100644 +index aa0e44a7e4f8..fca2848aeca5 100644 --- a/tests/infoflow.py +++ b/tests/infoflow.py @@ -18,7 +18,7 @@ @@ -135,5 +135,5 @@ index aa0e44a..fca2848 100644 from setools.exception import InvalidType from setools.permmap import PermissionMap -- -2.17.2 +2.26.0.rc2 diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch new file mode 100644 index 0000000..46e9a4d --- /dev/null +++ b/1003-Require-networkx-on-package-level.patch @@ -0,0 +1,24 @@ +From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Thu, 2 Apr 2020 16:06:14 +0200 +Subject: [PATCH] Require networkx on package level + +It allows us to ship python3-setools without dependency on python3-networkx +--- + setup.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index 457c83049ca5..4bfd438002bb 100644 +--- a/setup.py ++++ b/setup.py +@@ -170,5 +170,5 @@ setup(name='setools', + # setup also requires libsepol and libselinux + # C libraries and headers to compile. + setup_requires=['setuptools', 'Cython>=0.27'], +- install_requires=['setuptools', 'networkx>=2.0'] ++ install_requires=['setuptools'] + ) +-- +2.26.0.rc2 + diff --git a/setools.spec b/setools.spec index 11a37f2..d4b946b 100644 --- a/setools.spec +++ b/setools.spec @@ -6,8 +6,8 @@ Name: setools -Version: 4.2.2 -Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Version: 4.3.0 +Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -17,7 +17,7 @@ Source1: setools.pam Source2: apol.desktop Patch1001: 1001-Do-not-use-Werror-during-build.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch - +Patch1003: 1003-Require-networkx-on-package-level.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git @@ -120,12 +120,17 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/man1/sediff* %{_mandir}/man1/seinfo* %{_mandir}/man1/sesearch* +%{_mandir}/ru/man1/sediff* +%{_mandir}/ru/man1/seinfo* +%{_mandir}/ru/man1/sesearch* %files console-analyses %{_bindir}/sedta %{_bindir}/seinfoflow %{_mandir}/man1/sedta* %{_mandir}/man1/seinfoflow* +%{_mandir}/ru/man1/sedta* +%{_mandir}/ru/man1/seinfoflow* %files -n python3-setools %license COPYING COPYING.GPL COPYING.LGPL @@ -136,8 +141,21 @@ Python modules designed to facilitate SELinux policy analysis. %{_bindir}/apol %{python3_sitearch}/setoolsgui %{_mandir}/man1/apol* +%{_mandir}/ru/man1/apol* %changelog +* Thu Apr 2 2020 Petr Lautrbach - 4.3.0-1 +- SETools 4.3.0 release +- Revised sediff method for TE rules. This drastically reduced memory and run time. +- Added infiniband context support to seinfo, sediff, and apol. +- Added apol configuration for location of Qt assistant. +- Fixed sediff issue where properties header would display when not requested. +- Fixed sediff issue with type_transition file name comparison. +- Fixed permission map socket sendto information flow direction. +- Added methods to TypeAttribute class to make it a complete Python collection. +- Genfscon now will look up classes rather than using fixed values which + were dropped from libsepol. + * Mon Mar 23 2020 Petr Lautrbach - 4.2.2-5 - setools requires -console, -console-analyses and -gui packages (#1794314) diff --git a/sources b/sources index 9666cef..ff7f110 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.2.2.tar.gz) = 5044b04d0895ffe31557b3b71bb277ab49710a6066485c8f204ce7858abab259f973000f1fcfde0149ed4e33a50103984939dcc68ce322d70e9e927e81d4f798 +SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a From 8e66d3773096520a2a972e281aef16b191fadd8b Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 3 Apr 2020 09:35:35 +0200 Subject: [PATCH 23/78] Enable gating https://docs.fedoraproject.org/en-US/ci/gating/ --- gating.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 gating.yaml diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..af6eb32 --- /dev/null +++ b/gating.yaml @@ -0,0 +1,16 @@ +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_testing +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + +--- !Policy +product_versions: + - fedora-* +decision_context: bodhi_update_push_stable +subject_type: koji_build +rules: + - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional} + From c62a76dec868ca9d46fbb95dfcc691b442450fad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 26 May 2020 03:50:16 +0200 Subject: [PATCH 24/78] Rebuilt for Python 3.9 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index d4b946b..dda3c2f 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.3.0 -Release: 1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -144,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Tue May 26 2020 Miro Hrončok - 4.3.0-2 +- Rebuilt for Python 3.9 + * Thu Apr 2 2020 Petr Lautrbach - 4.3.0-1 - SETools 4.3.0 release - Revised sediff method for TE rules. This drastically reduced memory and run time. From 4d63e5997c80fb56eda51f781e36991d7f1cbd8d Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Fri, 29 May 2020 17:24:41 +0200 Subject: [PATCH 25/78] tests: Add Regression/The-setools-package-doesn-t-install-any-tools Make sure setools requires setools-console and setools-gui and not vice versa. --- .../Makefile | 63 +++++++++++++++++++ .../runtest.sh | 54 ++++++++++++++++ tests/tests.yml | 1 + 3 files changed, 118 insertions(+) create mode 100644 tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile create mode 100755 tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile b/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile new file mode 100644 index 0000000..a5e7a6b --- /dev/null +++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile @@ -0,0 +1,63 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools +# Description: Make sure setools requires setools-console and setools-gui +# Author: Vit Mojzis +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Vit Mojzis " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Make sure setools requires setools-console and setools-gui" >> $(METADATA) + @echo "Type: Regression" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: setools" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Bug: 1820078" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh new file mode 100755 index 0000000..16267ce --- /dev/null +++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh @@ -0,0 +1,54 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools +# Description: Make sure setools requires setools-console and setools-gui +# Author: Vit Mojzis +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2020 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="setools" + +rlJournalStart + rlPhaseStartSetup + rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console" + OUTPUT_FILE=`mktemp` + rlPhaseEnd + + rlPhaseStartTest "bz#1820078" + rlRun "dnf -y install ${PACKAGE}" 0 + rlAssertRpm "${PACKAGE}-gui" + rlAssertRpm "${PACKAGE}-console" + # make sure that setools-* packages do not require setools + rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1 + rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1 + if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi + rlPhaseEnd + + rlPhaseStartCleanup + rm -f ${OUTPUT_FILE} + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml index ee6dabb..f1c994e 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -18,3 +18,4 @@ - classic tests: - Sanity/sedta + - Regression/The-setools-package-doesn-t-install-any-tools From e1c3bd6193eba012e56df27c32d4922239c88a0a Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 16 Jul 2020 12:22:20 +0200 Subject: [PATCH 26/78] setools-4.3.0-3 - rebuild with SELinux userspace 3.1 release --- setools.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/setools.spec b/setools.spec index dda3c2f..2ab8e19 100644 --- a/setools.spec +++ b/setools.spec @@ -1,13 +1,13 @@ # % global setools_pre_ver rc # % global gitver f1e5b20 -%global sepol_ver 2.9-1 -%global selinux_ver 2.9-1 +%global sepol_ver 2.3-1 +%global selinux_ver 2.3-1 Name: setools Version: 4.3.0 -Release: 2%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -144,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu Jul 16 2020 Petr Lautrbach - 4.3.0-3 +- rebuild with SELinux userspace 3.1 release + * Tue May 26 2020 Miro Hrončok - 4.3.0-2 - Rebuilt for Python 3.9 From 8ea33531981dc6fc3dd7fde4716ae9366ee6072f Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 29 Jul 2020 10:35:00 +0000 Subject: [PATCH 27/78] - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 2ab8e19..a9dc693 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.3.0 -Release: 3%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 4%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -144,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Wed Jul 29 2020 Fedora Release Engineering - 4.3.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Thu Jul 16 2020 Petr Lautrbach - 4.3.0-3 - rebuild with SELinux userspace 3.1 release From 1396e21e63b094b676a2a1060772479e9b045f23 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 1 Aug 2020 09:02:07 +0000 Subject: [PATCH 28/78] - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index a9dc693..c1cae3b 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.3.0 -Release: 4%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -144,6 +144,10 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Aug 01 2020 Fedora Release Engineering - 4.3.0-5 +- Second attempt - Rebuilt for + https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + * Wed Jul 29 2020 Fedora Release Engineering - 4.3.0-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild From 8840b49782c1e7f71675cb337356ead3de9aac40 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 3 Nov 2020 16:07:11 +0100 Subject: [PATCH 29/78] setools-4.4.0-0.1.20201102git05e90ee - Update to 05e90ee - Add /usr/bin/sechecker - Adapt to new libsepol filename transition structures - Rebuild with libsepol.so.2 --- .gitignore | 1 + ...sepol-filename-transition-structures.patch | 120 ++++++++++++++++++ ...e-setools.InfoFlowAnalysis-and-setoo.patch | 12 +- setools.spec | 25 ++-- sources | 2 +- 5 files changed, 145 insertions(+), 15 deletions(-) create mode 100644 0001-Adapt-to-new-libsepol-filename-transition-structures.patch diff --git a/.gitignore b/.gitignore index ba42a0d..604fc90 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.2.1.tar.gz /4.2.2.tar.gz /4.3.0.tar.gz +/05e90ee.tar.gz diff --git a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch new file mode 100644 index 0000000..ba448fb --- /dev/null +++ b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch @@ -0,0 +1,120 @@ +From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001 +From: Ondrej Mosnacek +Date: Fri, 17 Jul 2020 11:28:08 +0200 +Subject: [PATCH] Adapt to new libsepol filename transition structures + +Adapt setools to the new libsepol internal API for filename transitions +which allows for more efficient filename trans rule representation in +memory and binary policy. + +Signed-off-by: Ondrej Mosnacek +--- + setools/policyrep/sepol.pxd | 9 ++++---- + setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------ + 2 files changed, 39 insertions(+), 11 deletions(-) + +diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd +index 60bc58c28ebf..b07ddb78350f 100644 +--- a/setools/policyrep/sepol.pxd ++++ b/setools/policyrep/sepol.pxd +@@ -544,21 +544,22 @@ cdef extern from "": + ctypedef cond_bool_datum cond_bool_datum_t + + # +- # filename_trans_t ++ # filename_trans_key_t + # +- cdef struct filename_trans: +- uint32_t stype ++ cdef struct filename_trans_key: + uint32_t ttype + uint32_t tclass + char *name + +- ctypedef filename_trans filename_trans_t ++ ctypedef filename_trans_key filename_trans_key_t + + # + # filename_trans_datum_t + # + cdef struct filename_trans_datum: ++ ebitmap_t stypes + uint32_t otype ++ filename_trans_datum *next + + ctypedef filename_trans_datum filename_trans_datum_t + +diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi +index 3976586b7985..760c366f6c39 100644 +--- a/setools/policyrep/terule.pxi ++++ b/setools/policyrep/terule.pxi +@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule): + readonly str filename + + @staticmethod +- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key, +- sepol.filename_trans_datum_t *datum): ++ cdef inline FileNameTERule factory(SELinuxPolicy policy, ++ sepol.filename_trans_key_t *key, ++ Type stype, size_t otype): + """Factory function for creating FileNameTERule objects.""" + cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule) + r.policy = policy + r.key = key + r.ruletype = TERuletype.type_transition +- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1)) ++ r.source = stype + r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1)) + r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1)) +- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1)) ++ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1)) + r.filename = intern(key.name) + r.origin = None + return r +@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator): + + """Iterate over FileNameTERules in the policy.""" + ++ cdef: ++ sepol.filename_trans_datum_t *datum ++ TypeEbitmapIterator stypei ++ + @staticmethod + cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table): + """Factory function for creating FileNameTERule iterators.""" +@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator): + i.reset() + return i + ++ def _next_stype(self): ++ while True: ++ if self.datum == NULL: ++ super().__next__() ++ self.datum = self.curr.datum ++ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) ++ try: ++ return next(self.stypei) ++ except StopIteration: ++ pass ++ self.datum = self.datum.next ++ if self.datum != NULL: ++ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) ++ + def __next__(self): +- super().__next__() +- return FileNameTERule.factory(self.policy, self.curr.key, +- self.curr.datum) ++ stype = self._next_stype() ++ return FileNameTERule.factory(self.policy, ++ self.curr.key, ++ stype, self.datum.otype) ++ ++ def __len__(self): ++ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table)) ++ ++ def reset(self): ++ super().reset() ++ self.datum = NULL +-- +2.29.0 + diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index a996069..5a0460b 100644 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -33,7 +33,7 @@ index 60861ca630a5..41e38a237b42 100755 +import setools.dta - def print_transition(trans): + def print_transition(trans: setools.DomainTransition) -> None: @@ -114,7 +114,7 @@ else: try: @@ -56,7 +56,7 @@ index f10c39de4d8e..fee749a83bb5 100755 import argparse import sys import logging -@@ -101,7 +101,7 @@ elif args.booleans is not None: +@@ -102,7 +102,7 @@ elif args.booleans is not None: try: p = setools.SELinuxPolicy(args.policy) m = setools.PermissionMap(args.map) @@ -66,18 +66,18 @@ index f10c39de4d8e..fee749a83bb5 100755 if args.shortest_path or args.all_paths: diff --git a/setools/__init__.py b/setools/__init__.py -index 26fa5aa34a19..b7e51c43c4bb 100644 +index d72d343e7e79..642485b9018d 100644 --- a/setools/__init__.py +++ b/setools/__init__.py -@@ -75,12 +75,8 @@ from .pcideviceconquery import PcideviceconQuery +@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery from .devicetreeconquery import DevicetreeconQuery # Information Flow Analysis -from .infoflow import InfoFlowAnalysis - from .permmap import PermissionMap + from .permmap import PermissionMap, RuleWeight, Mapping -# Domain Transition Analysis --from .dta import DomainTransitionAnalysis +-from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition - # Policy difference from .diff import PolicyDifference diff --git a/setools.spec b/setools.spec index c1cae3b..c293a84 100644 --- a/setools.spec +++ b/setools.spec @@ -1,20 +1,21 @@ -# % global setools_pre_ver rc -# % global gitver f1e5b20 +%global setools_pre_ver 05e90ee +%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d -%global sepol_ver 2.3-1 -%global selinux_ver 2.3-1 +%global sepol_ver 3.1-4 +%global selinux_ver 3.1-4 Name: setools -Version: 4.3.0 -Release: 5%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist} +Version: 4.4.0 +Release: 0.1.20201102git%{setools_pre_ver}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 URL: https://github.com/SELinuxProject/setools/wiki -Source0: https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz +Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz Source1: setools.pam Source2: apol.desktop +Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch Patch1001: 1001-Do-not-use-Werror-during-build.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Patch1003: 1003-Require-networkx-on-package-level.patch @@ -95,7 +96,7 @@ Python modules designed to facilitate SELinux policy analysis. %prep -%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} +%autosetup -p 1 -S git -n setools-%{gitver} %build @@ -114,9 +115,11 @@ Python modules designed to facilitate SELinux policy analysis. %files %files console +%{_bindir}/sechecker %{_bindir}/sediff %{_bindir}/seinfo %{_bindir}/sesearch +%{_mandir}/man1/sechecker* %{_mandir}/man1/sediff* %{_mandir}/man1/seinfo* %{_mandir}/man1/sesearch* @@ -144,6 +147,12 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Tue Nov 3 2020 Petr Lautrbach - 4.4.0-0.1.20201102git05e90ee +- Update to 05e90ee +- Add /usr/bin/sechecker +- Adapt to new libsepol filename transition structures +- Rebuild with libsepol.so.2 + * Sat Aug 01 2020 Fedora Release Engineering - 4.3.0-5 - Second attempt - Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild diff --git a/sources b/sources index ff7f110..e13005d 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.3.0.tar.gz) = 93da43c4b577ff944f1c19ef40cfc51f6d1cb1efef582e467834300540a7af440b6ae9106f29d810963c74b0fb5953003304790a9143a7318e477d17fa7d536a +SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686 From 3c028107aa55cedfca8eaf589a6e26af214713d8 Mon Sep 17 00:00:00 2001 From: Ondrej Mosnacek Date: Tue, 3 Nov 2020 16:57:08 +0100 Subject: [PATCH 30/78] Depend on git-core instead of full git See: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/GS7GOUITUEASRELL7SKGLVJLGS3ZVJ45/ Signed-off-by: Ondrej Mosnacek --- setools.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index c293a84..a481cd9 100644 --- a/setools.spec +++ b/setools.spec @@ -21,7 +21,7 @@ Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Patch1003: 1003-Require-networkx-on-package-level.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison -BuildRequires: glibc-devel, gcc, git +BuildRequires: glibc-devel, gcc, git-core BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} BuildRequires: qt5-qtbase-devel BuildRequires: swig From b028c6a81b5952295c70f1523981e7ebd9940564 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 10 Dec 2020 17:12:14 +0100 Subject: [PATCH 31/78] setools-4.4.0-0.2.20201102git05e90ee.fc34 - Fix imports in /usr/bin/sedta Fixes: $ sedta Traceback (most recent call last): File "/usr/bin/sedta", line 28, in def print_transition(trans: setools.DomainTransition) -> None: AttributeError: module 'setools' has no attribute 'DomainTransition' --- ...e-setools.InfoFlowAnalysis-and-setoo.patch | 23 +++++++++++-------- setools.spec | 5 +++- 2 files changed, 17 insertions(+), 11 deletions(-) diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index 5a0460b..29ccc0e 100644 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,4 +1,4 @@ -From 0575455a0abda5ee63c442433384268a959c4fbc Mon Sep 17 00:00:00 2001 +From fa776e6abd019a7bdaca37486d714d307cbd332f Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Fri, 26 Apr 2019 15:27:25 +0200 Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and @@ -12,29 +12,32 @@ Therefore it's better to use setools.infoflow.InfoFlowAnalysis and setools.dta.DomainTransitionAnalysis and let the package containing sedta and seinfoflow to require python3-networkx --- - sedta | 4 ++-- + sedta | 5 +++-- seinfoflow | 4 ++-- setools/__init__.py | 4 ---- setoolsgui/apol/dta.py | 2 +- setoolsgui/apol/infoflow.py | 2 +- tests/dta.py | 2 +- tests/infoflow.py | 2 +- - 7 files changed, 8 insertions(+), 12 deletions(-) + 7 files changed, 9 insertions(+), 12 deletions(-) diff --git a/sedta b/sedta -index 60861ca630a5..41e38a237b42 100755 +index 57070098fe10..51890ea8ea73 100755 --- a/sedta +++ b/sedta -@@ -22,7 +22,7 @@ import argparse - import logging +@@ -23,9 +23,10 @@ import logging import signal --import setools + import setools +import setools.dta - def print_transition(trans: setools.DomainTransition) -> None: -@@ -114,7 +114,7 @@ else: +-def print_transition(trans: setools.DomainTransition) -> None: ++def print_transition(trans: setools.dta.DomainTransition) -> None: + if trans.transition: + print("Domain transition rule(s):") + for t in trans.transition: +@@ -114,7 +115,7 @@ else: try: p = setools.SELinuxPolicy(args.policy) @@ -44,7 +47,7 @@ index 60861ca630a5..41e38a237b42 100755 if args.shortest_path or args.all_paths: if args.shortest_path: diff --git a/seinfoflow b/seinfoflow -index f10c39de4d8e..fee749a83bb5 100755 +index 0ddcfdc7c1fb..8321718b2640 100755 --- a/seinfoflow +++ b/seinfoflow @@ -17,7 +17,7 @@ diff --git a/setools.spec b/setools.spec index a481cd9..a91914d 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.4.0 -Release: 0.1.20201102git%{setools_pre_ver}%{?dist} +Release: 0.2.20201102git%{setools_pre_ver}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -147,6 +147,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu Dec 10 2020 Petr Lautrbach - 4.4.0-0.2.20201102git05e90ee +- Fix imports in /usr/bin/sedta + * Tue Nov 3 2020 Petr Lautrbach - 4.4.0-0.1.20201102git05e90ee - Update to 05e90ee - Add /usr/bin/sechecker From d085b2403dff2850a82718d232a9681ed88f3199 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 21 Jan 2021 11:38:03 +0100 Subject: [PATCH 32/78] Rebuild with SELinux userspace release 3.2-rc1 And update to 16c0696 --- .gitignore | 1 + ...sepol-filename-transition-structures.patch | 120 ------------------ 1001-Do-not-use-Werror-during-build.patch | 49 ------- ...e-setools.InfoFlowAnalysis-and-setoo.patch | 14 +- 1003-Require-networkx-on-package-level.patch | 10 +- setools.spec | 16 ++- sources | 2 +- 7 files changed, 23 insertions(+), 189 deletions(-) delete mode 100644 0001-Adapt-to-new-libsepol-filename-transition-structures.patch delete mode 100644 1001-Do-not-use-Werror-during-build.patch diff --git a/.gitignore b/.gitignore index 604fc90..a46f24a 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.2.2.tar.gz /4.3.0.tar.gz /05e90ee.tar.gz +/16c0696.tar.gz diff --git a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch b/0001-Adapt-to-new-libsepol-filename-transition-structures.patch deleted file mode 100644 index ba448fb..0000000 --- a/0001-Adapt-to-new-libsepol-filename-transition-structures.patch +++ /dev/null @@ -1,120 +0,0 @@ -From f63a3690e3e3f02ab67ad1165be54ce25bac2de7 Mon Sep 17 00:00:00 2001 -From: Ondrej Mosnacek -Date: Fri, 17 Jul 2020 11:28:08 +0200 -Subject: [PATCH] Adapt to new libsepol filename transition structures - -Adapt setools to the new libsepol internal API for filename transitions -which allows for more efficient filename trans rule representation in -memory and binary policy. - -Signed-off-by: Ondrej Mosnacek ---- - setools/policyrep/sepol.pxd | 9 ++++---- - setools/policyrep/terule.pxi | 41 ++++++++++++++++++++++++++++++------ - 2 files changed, 39 insertions(+), 11 deletions(-) - -diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd -index 60bc58c28ebf..b07ddb78350f 100644 ---- a/setools/policyrep/sepol.pxd -+++ b/setools/policyrep/sepol.pxd -@@ -544,21 +544,22 @@ cdef extern from "": - ctypedef cond_bool_datum cond_bool_datum_t - - # -- # filename_trans_t -+ # filename_trans_key_t - # -- cdef struct filename_trans: -- uint32_t stype -+ cdef struct filename_trans_key: - uint32_t ttype - uint32_t tclass - char *name - -- ctypedef filename_trans filename_trans_t -+ ctypedef filename_trans_key filename_trans_key_t - - # - # filename_trans_datum_t - # - cdef struct filename_trans_datum: -+ ebitmap_t stypes - uint32_t otype -+ filename_trans_datum *next - - ctypedef filename_trans_datum filename_trans_datum_t - -diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi -index 3976586b7985..760c366f6c39 100644 ---- a/setools/policyrep/terule.pxi -+++ b/setools/policyrep/terule.pxi -@@ -470,17 +470,18 @@ cdef class FileNameTERule(BaseTERule): - readonly str filename - - @staticmethod -- cdef inline FileNameTERule factory(SELinuxPolicy policy, sepol.filename_trans_t *key, -- sepol.filename_trans_datum_t *datum): -+ cdef inline FileNameTERule factory(SELinuxPolicy policy, -+ sepol.filename_trans_key_t *key, -+ Type stype, size_t otype): - """Factory function for creating FileNameTERule objects.""" - cdef FileNameTERule r = FileNameTERule.__new__(FileNameTERule) - r.policy = policy - r.key = key - r.ruletype = TERuletype.type_transition -- r.source = type_or_attr_factory(policy, policy.type_value_to_datum(key.stype - 1)) -+ r.source = stype - r.target = type_or_attr_factory(policy, policy.type_value_to_datum(key.ttype - 1)) - r.tclass = ObjClass.factory(policy, policy.class_value_to_datum(key.tclass - 1)) -- r.dft = Type.factory(policy, policy.type_value_to_datum(datum.otype - 1)) -+ r.dft = Type.factory(policy, policy.type_value_to_datum(otype - 1)) - r.filename = intern(key.name) - r.origin = None - return r -@@ -708,6 +709,10 @@ cdef class FileNameTERuleIterator(HashtabIterator): - - """Iterate over FileNameTERules in the policy.""" - -+ cdef: -+ sepol.filename_trans_datum_t *datum -+ TypeEbitmapIterator stypei -+ - @staticmethod - cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table): - """Factory function for creating FileNameTERule iterators.""" -@@ -717,7 +722,29 @@ cdef class FileNameTERuleIterator(HashtabIterator): - i.reset() - return i - -+ def _next_stype(self): -+ while True: -+ if self.datum == NULL: -+ super().__next__() -+ self.datum = self.curr.datum -+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) -+ try: -+ return next(self.stypei) -+ except StopIteration: -+ pass -+ self.datum = self.datum.next -+ if self.datum != NULL: -+ self.stypei = TypeEbitmapIterator.factory(self.policy, &self.datum.stypes) -+ - def __next__(self): -- super().__next__() -- return FileNameTERule.factory(self.policy, self.curr.key, -- self.curr.datum) -+ stype = self._next_stype() -+ return FileNameTERule.factory(self.policy, -+ self.curr.key, -+ stype, self.datum.otype) -+ -+ def __len__(self): -+ return sum(1 for r in FileNameTERuleIterator.factory(self.policy, self.table)) -+ -+ def reset(self): -+ super().reset() -+ self.datum = NULL --- -2.29.0 - diff --git a/1001-Do-not-use-Werror-during-build.patch b/1001-Do-not-use-Werror-during-build.patch deleted file mode 100644 index 60f11e2..0000000 --- a/1001-Do-not-use-Werror-during-build.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001 -From: rpm-build -Date: Thu, 23 Feb 2017 08:17:07 +0100 -Subject: [PATCH 2/3] Do not use -Werror during build -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -There are new warnings when setools are built with gcc 7 therefore we -want to suppress -Werror for now - -Fixes: -libqpol/policy_extend.c: In function ‘policy_extend’: -libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~ -libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295] - snprintf(buff, 9, "@ttr%04zd", i + 1); - ^~~~~~~~~~~ -In file included from /usr/include/stdio.h:939:0, - from /usr/include/sepol/policydb/policydb.h:53, - from libqpol/policy_extend.c:29: -/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9 - return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - __bos (__s), __fmt, __va_arg_pack ()); - ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -cc1: all warnings being treated as errors -error: command 'gcc' failed with exit status 1 ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index c94daf1..a7442ac 100644 ---- a/setup.py -+++ b/setup.py -@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'], - libraries=['selinux', 'sepol'], - library_dirs=lib_dirs, - define_macros=macros, -- extra_compile_args=['-Werror', '-Wextra', -+ extra_compile_args=['-Wextra', - '-Waggregate-return', - '-Wfloat-equal', - '-Wformat', '-Wformat=2', --- -2.17.2 - diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch index 29ccc0e..d270d21 100644 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -1,7 +1,7 @@ -From fa776e6abd019a7bdaca37486d714d307cbd332f Mon Sep 17 00:00:00 2001 +From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Fri, 26 Apr 2019 15:27:25 +0200 -Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and +Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and setools.DomainTransitionAnalysis dta and infoflow modules require networkx which brings lot of dependencies. @@ -86,10 +86,10 @@ index d72d343e7e79..642485b9018d 100644 from .diff import PolicyDifference diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 4608b9dbf34e..2cde44c142e9 100644 +index 62dbf04d9a5e..0ea000e790f0 100644 --- a/setoolsgui/apol/dta.py +++ b/setoolsgui/apol/dta.py -@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread +@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread from PyQt5.QtGui import QPalette, QTextCursor from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ QTreeWidgetItem @@ -97,9 +97,9 @@ index 4608b9dbf34e..2cde44c142e9 100644 +from setools.dta import DomainTransitionAnalysis from ..logtosignal import LogHandlerToSignal - from .analysistab import AnalysisTab + from .analysistab import AnalysisSection, AnalysisTab diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 7bca299d23fc..7fee2778f35f 100644 +index 28009aa2329c..92d350bf727c 100644 --- a/setoolsgui/apol/infoflow.py +++ b/setoolsgui/apol/infoflow.py @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread @@ -138,5 +138,5 @@ index aa0e44a7e4f8..fca2848aeca5 100644 from setools.exception import InvalidType from setools.permmap import PermissionMap -- -2.26.0.rc2 +2.30.0 diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch index 46e9a4d..99eb500 100644 --- a/1003-Require-networkx-on-package-level.patch +++ b/1003-Require-networkx-on-package-level.patch @@ -1,7 +1,7 @@ -From a2faa263c9dd8bcf51465861046e0406a84975c0 Mon Sep 17 00:00:00 2001 +From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 2 Apr 2020 16:06:14 +0200 -Subject: [PATCH] Require networkx on package level +Subject: [PATCH 2/2] Require networkx on package level It allows us to ship python3-setools without dependency on python3-networkx --- @@ -9,10 +9,10 @@ It allows us to ship python3-setools without dependency on python3-networkx 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py -index 457c83049ca5..4bfd438002bb 100644 +index c593b786cc61..0551811e3fd1 100644 --- a/setup.py +++ b/setup.py -@@ -170,5 +170,5 @@ setup(name='setools', +@@ -163,5 +163,5 @@ setup(name='setools', # setup also requires libsepol and libselinux # C libraries and headers to compile. setup_requires=['setuptools', 'Cython>=0.27'], @@ -20,5 +20,5 @@ index 457c83049ca5..4bfd438002bb 100644 + install_requires=['setuptools'] ) -- -2.26.0.rc2 +2.30.0 diff --git a/setools.spec b/setools.spec index a91914d..1fcc16e 100644 --- a/setools.spec +++ b/setools.spec @@ -1,13 +1,13 @@ -%global setools_pre_ver 05e90ee -%global gitver 05e90ee241af05665f3394e9bed0073e1bb2e17d +%global setools_pre_ver 16c0696 +%global gitver 16c069631e1652801b1a6c41c6607b7326fc15f0 -%global sepol_ver 3.1-4 -%global selinux_ver 3.1-4 +%global sepol_ver 3.2-0.rc1 +%global selinux_ver 3.2-0.rc1 Name: setools Version: 4.4.0 -Release: 0.2.20201102git%{setools_pre_ver}%{?dist} +Release: 0.2.20210121git%{setools_pre_ver}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -15,8 +15,6 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch0001: 0001-Adapt-to-new-libsepol-filename-transition-structures.patch -Patch1001: 1001-Do-not-use-Werror-during-build.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Patch1003: 1003-Require-networkx-on-package-level.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 @@ -147,6 +145,10 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu Jan 21 2021 Petr Lautrbach - 4.4.0-0.2.20210121git16c0696 +- Rebuild with SELinux userspace 3.2-rc1 +- Update to 16c0696 + * Thu Dec 10 2020 Petr Lautrbach - 4.4.0-0.2.20201102git05e90ee - Fix imports in /usr/bin/sedta diff --git a/sources b/sources index e13005d..add220c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (05e90ee.tar.gz) = 32f60e9a40ca5791a1e63986377e90ca728c7e205d8ae7ce446830ca7f96b51496d9753fd70077f5b6547050d23c41a1d10b20e0af9e4066355e29781d5e3686 +SHA512 (16c0696.tar.gz) = 1c9a2e8daf6e131bfe2e2e1cea1ed2caa190486af152048e3b79ab88fcd0a20c030b08986d1dd6ee4079841985b47c366435177bb206e68ea567ecee32037358 From 041e7a130b9c1188014fa6f63284f2b621407daf Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 27 Jan 2021 20:15:12 +0000 Subject: [PATCH 33/78] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 1fcc16e..f582d75 100644 --- a/setools.spec +++ b/setools.spec @@ -7,7 +7,7 @@ Name: setools Version: 4.4.0 -Release: 0.2.20210121git%{setools_pre_ver}%{?dist} +Release: 0.3.20210121git%{setools_pre_ver}%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -145,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Wed Jan 27 2021 Fedora Release Engineering - 4.4.0-0.3.20210121git16c0696 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + * Thu Jan 21 2021 Petr Lautrbach - 4.4.0-0.2.20210121git16c0696 - Rebuild with SELinux userspace 3.2-rc1 - Update to 16c0696 From f7e6d7dcb5b785e3c1ce4c888ebfc59bb3befa50 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 8 Mar 2021 18:01:35 +0100 Subject: [PATCH 34/78] SETools 4.4.0 release --- .gitignore | 1 + setools.spec | 17 ++++++++--------- sources | 2 +- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.gitignore b/.gitignore index a46f24a..229213b 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.3.0.tar.gz /05e90ee.tar.gz /16c0696.tar.gz +/4.4.0.tar.gz diff --git a/setools.spec b/setools.spec index f582d75..ed3c2c6 100644 --- a/setools.spec +++ b/setools.spec @@ -1,18 +1,14 @@ -%global setools_pre_ver 16c0696 -%global gitver 16c069631e1652801b1a6c41c6607b7326fc15f0 - -%global sepol_ver 3.2-0.rc1 -%global selinux_ver 3.2-0.rc1 - +%global sepol_ver 3.2-1 +%global selinux_ver 3.2-1 Name: setools Version: 4.4.0 -Release: 0.3.20210121git%{setools_pre_ver}%{?dist} +Release: 1%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 URL: https://github.com/SELinuxProject/setools/wiki -Source0: https://github.com/SELinuxProject/setools/archive/%{setools_pre_ver}.tar.gz +Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch @@ -94,7 +90,7 @@ Python modules designed to facilitate SELinux policy analysis. %prep -%autosetup -p 1 -S git -n setools-%{gitver} +%autosetup -p 1 -S git -n setools-%{version} %build @@ -145,6 +141,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Mar 8 2021 Petr Lautrbach - 4.4.0-1 +- SETools 4.4.0 release + * Wed Jan 27 2021 Fedora Release Engineering - 4.4.0-0.3.20210121git16c0696 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild diff --git a/sources b/sources index add220c..dbc6493 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (16c0696.tar.gz) = 1c9a2e8daf6e131bfe2e2e1cea1ed2caa190486af152048e3b79ab88fcd0a20c030b08986d1dd6ee4079841985b47c366435177bb206e68ea567ecee32037358 +SHA512 (4.4.0.tar.gz) = 4033ce54213e47e3afd1bdb03b99b0ee3d977f085310d746b34dcfcfe48ac3a562ae0aa2f730d629a298b56dbf295ad219669d13f82578521866b465f8c976e8 From d39a6454a2477ba5303af47d01c4eb9771586b8e Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 4 Jun 2021 21:14:41 +0200 Subject: [PATCH 35/78] Rebuilt for Python 3.10 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index ed3c2c6..0090f23 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -141,6 +141,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Fri Jun 04 2021 Python Maint - 4.4.0-2 +- Rebuilt for Python 3.10 + * Mon Mar 8 2021 Petr Lautrbach - 4.4.0-1 - SETools 4.4.0 release From d6eb24d48f36f6765fb014fc61d37502c7da9fa3 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 23 Jul 2021 17:24:51 +0000 Subject: [PATCH 36/78] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 0090f23..1e947d1 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -141,6 +141,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Fri Jul 23 2021 Fedora Release Engineering - 4.4.0-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + * Fri Jun 04 2021 Python Maint - 4.4.0-2 - Rebuilt for Python 3.10 From 396291943be7d15ea2053f0bcf05959b4c76b591 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 19 Nov 2021 12:55:09 +0100 Subject: [PATCH 37/78] Make seinfo output predictable https://github.com/SELinuxProject/setools/issues/65 --- 0001-Make-seinfo-output-predictable.patch | 90 +++++++++++++++++++++++ setools.spec | 1 + 2 files changed, 91 insertions(+) create mode 100644 0001-Make-seinfo-output-predictable.patch diff --git a/0001-Make-seinfo-output-predictable.patch b/0001-Make-seinfo-output-predictable.patch new file mode 100644 index 0000000..aa650fe --- /dev/null +++ b/0001-Make-seinfo-output-predictable.patch @@ -0,0 +1,90 @@ +From 8ed316d6bfb65e5e9b57f3761ea8490022ab3a05 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Thu, 18 Nov 2021 13:59:08 +0100 +Subject: [PATCH] Make seinfo output predictable + +There are few places where frozenset is used. Given that frozenset is an unordered +collection the output generated from this is unpredictable. + +The following command outputs are fixed using sorted() on frozensets: + + seinfo --constrain + seinfo --common + seinfo -c -x + seinfo -r -x + seinfo -u -x + +Fixes: https://github.com/SELinuxProject/setools/issues/65 + +Signed-off-by: Petr Lautrbach +--- + setools/policyrep/constraint.pxi | 2 +- + setools/policyrep/objclass.pxi | 4 ++-- + setools/policyrep/role.pxi | 2 +- + setools/policyrep/user.pxi | 2 +- + 4 files changed, 5 insertions(+), 5 deletions(-) + +diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi +index 01c63d87425b..0b4c5b9bcf6a 100644 +--- a/setools/policyrep/constraint.pxi ++++ b/setools/policyrep/constraint.pxi +@@ -72,7 +72,7 @@ cdef class Constraint(BaseConstraint): + + def statement(self): + if len(self.perms) > 1: +- perms = "{{ {0} }}".format(' '.join(self.perms)) ++ perms = "{{ {0} }}".format(' '.join(sorted(self.perms))) + else: + # convert to list since sets cannot be indexed + perms = list(self.perms)[0] +diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi +index b7ec7b7de5c3..8ed2be5a9bed 100644 +--- a/setools/policyrep/objclass.pxi ++++ b/setools/policyrep/objclass.pxi +@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol): + return other in self.perms + + def statement(self): +- return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms)) ++ return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms))) + + + cdef class ObjClass(PolicySymbol): +@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol): + + # a class that inherits may not have additional permissions + if len(self.perms) > 0: +- stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms)) ++ stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms))) + + return stmt + +diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi +index 9a0dd39f27d9..3af8a3f72a1f 100644 +--- a/setools/policyrep/role.pxi ++++ b/setools/policyrep/role.pxi +@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol): + if count == 1: + stmt += " types {0}".format(types[0]) + else: +- stmt += " types {{ {0} }}".format(' '.join(types)) ++ stmt += " types {{ {0} }}".format(' '.join(sorted(types))) + + stmt += ";" + return stmt +diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi +index 9c82aa92eb72..e37af2939820 100644 +--- a/setools/policyrep/user.pxi ++++ b/setools/policyrep/user.pxi +@@ -81,7 +81,7 @@ cdef class User(PolicySymbol): + if count == 1: + stmt += roles[0] + else: +- stmt += "{{ {0} }}".format(' '.join(roles)) ++ stmt += "{{ {0} }}".format(' '.join(sorted(roles))) + + if self._level: + stmt += " level {0.mls_level} range {0.mls_range};".format(self) +-- +2.33.1 + diff --git a/setools.spec b/setools.spec index 1e947d1..59ad27b 100644 --- a/setools.spec +++ b/setools.spec @@ -11,6 +11,7 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop +Patch0001: 0001-Make-seinfo-output-predictable.patch Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch Patch1003: 1003-Require-networkx-on-package-level.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 From 57856212830a399ce79bff7e4864406c9f460c8a Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 19 Nov 2021 12:56:24 +0100 Subject: [PATCH 38/78] setools-4.4.0-4 - Make seinfo output predictable https://github.com/SELinuxProject/setools/issues/65 --- setools.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 59ad27b..88800a9 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -142,6 +142,10 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Fri Nov 19 2021 Petr Lautrbach - 4.4.0-4 +- Make seinfo output predictable + https://github.com/SELinuxProject/setools/issues/65 + * Fri Jul 23 2021 Fedora Release Engineering - 4.4.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild From cd558df935c640b1c6d3d7b701e1d2850b0490da Mon Sep 17 00:00:00 2001 From: Aleksandra Fedorova Date: Wed, 10 Nov 2021 11:43:13 +0000 Subject: [PATCH 39/78] setools package is allowed to be empty Configure rpminspect to recognize setools as meta-package which is allowed to be empty. --- rpminspect.yaml | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 rpminspect.yaml diff --git a/rpminspect.yaml b/rpminspect.yaml new file mode 100644 index 0000000..6bcfaca --- /dev/null +++ b/rpminspect.yaml @@ -0,0 +1,3 @@ +emptyrpm: + expected_empty: + - setools From c77a77e39c0672701cb5f66db70a80dee187f893 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 23 Nov 2021 15:53:17 +0100 Subject: [PATCH 40/78] Add seinfo-consistent-output test Check whether different 2 or more runs of same seinfo commands produce same output --- .../Sanity/seinfo-consistent-output/Makefile | 64 +++++++++++++++++++ tests/Sanity/seinfo-consistent-output/PURPOSE | 3 + .../seinfo-consistent-output/runtest.sh | 64 +++++++++++++++++++ tests/tests.yml | 1 + 4 files changed, 132 insertions(+) create mode 100644 tests/Sanity/seinfo-consistent-output/Makefile create mode 100644 tests/Sanity/seinfo-consistent-output/PURPOSE create mode 100755 tests/Sanity/seinfo-consistent-output/runtest.sh diff --git a/tests/Sanity/seinfo-consistent-output/Makefile b/tests/Sanity/seinfo-consistent-output/Makefile new file mode 100644 index 0000000..e8bd655 --- /dev/null +++ b/tests/Sanity/seinfo-consistent-output/Makefile @@ -0,0 +1,64 @@ +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Makefile of Sanity/seinfo-consistent-output +# Description: Check whether different 2 or more runs of same seinfo commands produce same output +# Author: Petr Lautrbach +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2021 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +export TEST=Sanity/seinfo-consistent-output +export TESTVERSION=1.0 + +BUILT_FILES= + +FILES=$(METADATA) runtest.sh Makefile PURPOSE + +.PHONY: all install download clean + +run: $(FILES) build + ./runtest.sh + +build: $(BUILT_FILES) + test -x runtest.sh || chmod a+x runtest.sh + +clean: + rm -f *~ $(BUILT_FILES) + + +include /usr/share/rhts/lib/rhts-make.include + +$(METADATA): Makefile + @echo "Owner: Petr Lautrbach " > $(METADATA) + @echo "Name: $(TEST)" >> $(METADATA) + @echo "TestVersion: $(TESTVERSION)" >> $(METADATA) + @echo "Path: $(TEST_DIR)" >> $(METADATA) + @echo "Description: Check whether different 2 or more runs of same seinfo commands produce same output" >> $(METADATA) + @echo "Type: Sanity" >> $(METADATA) + @echo "TestTime: 5m" >> $(METADATA) + @echo "RunFor: setools" >> $(METADATA) + @echo "Requires: setools-console" >> $(METADATA) + @echo "Priority: Normal" >> $(METADATA) + @echo "License: GPLv2+" >> $(METADATA) + @echo "Confidential: no" >> $(METADATA) + @echo "Destructive: no" >> $(METADATA) + @echo "Bug: 2019962" >> $(METADATA) + @echo "Releases: -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA) + + rhts-lint $(METADATA) diff --git a/tests/Sanity/seinfo-consistent-output/PURPOSE b/tests/Sanity/seinfo-consistent-output/PURPOSE new file mode 100644 index 0000000..3202eb9 --- /dev/null +++ b/tests/Sanity/seinfo-consistent-output/PURPOSE @@ -0,0 +1,3 @@ +PURPOSE of Sanity/seinfo-consistent-output +Description: Check whether different 2 or more runs of same seinfo commands produce same output +Author: Petr Lautrbach diff --git a/tests/Sanity/seinfo-consistent-output/runtest.sh b/tests/Sanity/seinfo-consistent-output/runtest.sh new file mode 100755 index 0000000..da49081 --- /dev/null +++ b/tests/Sanity/seinfo-consistent-output/runtest.sh @@ -0,0 +1,64 @@ +#!/bin/bash +# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# runtest.sh of Sanity/seinfo-consistent-output +# Description: Check whether different 2 or more runs of same seinfo commands produce same output +# Author: Petr Lautrbach +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +# +# Copyright (c) 2021 Red Hat, Inc. +# +# This program is free software: you can redistribute it and/or +# modify it under the terms of the GNU General Public License as +# published by the Free Software Foundation, either version 2 of +# the License, or (at your option) any later version. +# +# This program is distributed in the hope that it will be +# useful, but WITHOUT ANY WARRANTY; without even the implied +# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR +# PURPOSE. See the GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see http://www.gnu.org/licenses/. +# +# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +# Include Beaker environment +. /usr/bin/rhts-environment.sh || exit 1 +. /usr/share/beakerlib/beakerlib.sh || exit 1 + +PACKAGE="setools-console" + +rlJournalStart + rlPhaseStartSetup + rlAssertRpm $PACKAGE + rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory" + rlRun "pushd $TmpDir" + rlPhaseEnd + + commands=( + "seinfo --all -x" + "seinfo --constrain" + "seinfo --common" + "seinfo -c -x" + "seinfo -r -x" + "seinfo -u -x" + ) + + for c in "${commands[@]}"; do + + rlPhaseStartTest "$c" + rlRun "$c > 1.out" + rlRun "$c > 2.out" + rlRun "cmp 1.out 2.out" 0 + rlPhaseEnd + done + + rlPhaseStartCleanup + rlRun "popd" + rlRun "rm -r $TmpDir" 0 "Removing tmp directory" + rlPhaseEnd +rlJournalPrintText +rlJournalEnd diff --git a/tests/tests.yml b/tests/tests.yml index f1c994e..c840ce4 100644 --- a/tests/tests.yml +++ b/tests/tests.yml @@ -19,3 +19,4 @@ tests: - Sanity/sedta - Regression/The-setools-package-doesn-t-install-any-tools + - Sanity/seinfo-consistent-output From 493b35df7bb1838945a763aa8ba327844e7e27b0 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jan 2022 00:43:52 +0000 Subject: [PATCH 41/78] - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 88800a9..70666ee 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -142,6 +142,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Jan 22 2022 Fedora Release Engineering - 4.4.0-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + * Fri Nov 19 2021 Petr Lautrbach - 4.4.0-4 - Make seinfo output predictable https://github.com/SELinuxProject/setools/issues/65 From 9a9e7b5d7e0de43398c65bbc25f1e224a7d069bf Mon Sep 17 00:00:00 2001 From: Python Maint Date: Mon, 13 Jun 2022 16:03:16 +0200 Subject: [PATCH 42/78] Rebuilt for Python 3.11 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 70666ee..204fc5f 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -142,6 +142,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Jun 13 2022 Python Maint - 4.4.0-6 +- Rebuilt for Python 3.11 + * Sat Jan 22 2022 Fedora Release Engineering - 4.4.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild From 8b928d80e883b3bb330dd0b1621ee6c7b6196f5a Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 10 Jun 2022 10:33:57 +0200 Subject: [PATCH 43/78] Drop unnecessary Recommends --- setools.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/setools.spec b/setools.spec index 204fc5f..fe34f2a 100644 --- a/setools.spec +++ b/setools.spec @@ -70,7 +70,6 @@ This package includes the following console tools: %package -n python3-setools Summary: Policy analysis tools for SELinux Obsoletes: setools-libs < 4.0.0 -Recommends: libselinux-python3 %{?python_provide:%python_provide python3-setools} Requires: python3-setuptools From 69eb1aef5e976638f7011a420167b05bb5a36ac3 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 10 Jun 2022 10:38:13 +0200 Subject: [PATCH 44/78] Update required userspace versions to 3.4 --- setools.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/setools.spec b/setools.spec index fe34f2a..9319544 100644 --- a/setools.spec +++ b/setools.spec @@ -1,5 +1,5 @@ -%global sepol_ver 3.2-1 -%global selinux_ver 3.2-1 +%global sepol_ver 3.4-1 +%global selinux_ver 3.4-1 Name: setools Version: 4.4.0 From d8501aad3c6c59f42519ac9b04ea49fb90f7cbd8 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 10 Jun 2022 10:39:38 +0200 Subject: [PATCH 45/78] setools-4.4.0-7 - Update required userspace versions to 3.4 - Drop unnecessary Recommends --- setools.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 9319544..a045042 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -141,6 +141,10 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Jun 13 2022 Petr Lautrbach - 4.4.0-7 +- Update required userspace versions to 3.4 +- Drop unnecessary Recommends + * Mon Jun 13 2022 Python Maint - 4.4.0-6 - Rebuilt for Python 3.11 From 17d137e6585fbd3bc0661fd5ae9e1a42bf9218d5 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Thu, 16 Jun 2022 13:34:36 +0200 Subject: [PATCH 46/78] Rebuilt for Python 3.11 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index a045042..e421441 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -141,6 +141,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu Jun 16 2022 Python Maint - 4.4.0-8 +- Rebuilt for Python 3.11 + * Mon Jun 13 2022 Petr Lautrbach - 4.4.0-7 - Update required userspace versions to 3.4 - Drop unnecessary Recommends From 392fa030724c2eb4733c4fd1ec066ac899788d19 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 23 Jul 2022 08:25:45 +0000 Subject: [PATCH 47/78] Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index e421441..900aa3e 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Policy analysis tools for SELinux License: GPLv2 @@ -141,6 +141,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Jul 23 2022 Fedora Release Engineering - 4.4.0-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + * Thu Jun 16 2022 Python Maint - 4.4.0-8 - Rebuilt for Python 3.11 From 3c2ac38dafb8812bcbacb851b7af2499800248c3 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 10 Nov 2022 09:29:45 +0100 Subject: [PATCH 48/78] Migrate License tag to SPDX https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_1 --- setools.spec | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/setools.spec b/setools.spec index 900aa3e..fd05991 100644 --- a/setools.spec +++ b/setools.spec @@ -6,7 +6,7 @@ Version: 4.4.0 Release: 9%{?dist} Summary: Policy analysis tools for SELinux -License: GPLv2 +License: GPL-2.0-only and LGPL-2.1-only URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam @@ -35,7 +35,7 @@ Python modules designed to facilitate SELinux policy analysis. %package console Summary: Policy analysis command-line tools for SELinux -License: GPLv2 +License: GPL-2.0-only Requires: python3-setools = %{version}-%{release} Requires: libselinux >= %{selinux_ver} @@ -52,7 +52,7 @@ This package includes the following console tools: %package console-analyses Summary: Policy analysis command-line tools for SELinux -License: GPLv2 +License: GPL-2.0-only Requires: python3-setools = %{version}-%{release} Requires: libselinux >= %{selinux_ver} Requires: python3-networkx @@ -68,7 +68,8 @@ This package includes the following console tools: %package -n python3-setools -Summary: Policy analysis tools for SELinux +Summary: Policy analysis tools for SELinux +License: LGPL-2.1-only Obsoletes: setools-libs < 4.0.0 %{?python_provide:%python_provide python3-setools} Requires: python3-setuptools @@ -80,6 +81,7 @@ Python 3 modules designed to facilitate SELinux policy analysis. %package gui Summary: Policy analysis graphical tools for SELinux +License: GPL-2.0-only Requires: python3-setools = %{version}-%{release} Requires: python3-qt5 Requires: python3-networkx @@ -109,6 +111,7 @@ Python modules designed to facilitate SELinux policy analysis. %files %files console +%license COPYING.GPL %{_bindir}/sechecker %{_bindir}/sediff %{_bindir}/seinfo @@ -122,6 +125,7 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/sesearch* %files console-analyses +%license COPYING.GPL %{_bindir}/sedta %{_bindir}/seinfoflow %{_mandir}/man1/sedta* @@ -130,11 +134,12 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/seinfoflow* %files -n python3-setools -%license COPYING COPYING.GPL COPYING.LGPL +%license COPYING COPYING.LGPL %{python3_sitearch}/setools %{python3_sitearch}/setools-* %files gui +%license COPYING.GPL %{_bindir}/apol %{python3_sitearch}/setoolsgui %{_mandir}/man1/apol* From e19a208cf3ec04363d504b29efba19f2d8d2519b Mon Sep 17 00:00:00 2001 From: Milos Malik Date: Mon, 11 Jul 2022 13:33:22 +0200 Subject: [PATCH 49/78] run tests via TMT/FMF Use the TMT/FMF instead of STI for running tests. STI does not respect the adjust section in main.fmf files of stored tests. --- .fmf/version | 1 + plans/selinux.fmf | 7 +++++ plans/tests.fmf | 5 ++++ .../main.fmf | 11 +++++++ .../runtest.sh | 1 - tests/Sanity/sedta/main.fmf | 30 +++++++++++++++++++ .../Sanity/seinfo-consistent-output/main.fmf | 15 ++++++++++ .../seinfo-consistent-output/runtest.sh | 1 - tests/tests.yml | 22 -------------- 9 files changed, 69 insertions(+), 24 deletions(-) create mode 100644 .fmf/version create mode 100644 plans/selinux.fmf create mode 100644 plans/tests.fmf create mode 100644 tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf create mode 100644 tests/Sanity/sedta/main.fmf create mode 100644 tests/Sanity/seinfo-consistent-output/main.fmf delete mode 100644 tests/tests.yml diff --git a/.fmf/version b/.fmf/version new file mode 100644 index 0000000..d00491f --- /dev/null +++ b/.fmf/version @@ -0,0 +1 @@ +1 diff --git a/plans/selinux.fmf b/plans/selinux.fmf new file mode 100644 index 0000000..b20003c --- /dev/null +++ b/plans/selinux.fmf @@ -0,0 +1,7 @@ +summary: selinux tests - Tier 1 | policycoreutils | checkpolicy +discover: + how: fmf + url: https://src.fedoraproject.org/tests/selinux + filter: "tier: 1 | component: policycoreutils | component: checkpolicy" +execute: + how: tmt diff --git a/plans/tests.fmf b/plans/tests.fmf new file mode 100644 index 0000000..1caffcc --- /dev/null +++ b/plans/tests.fmf @@ -0,0 +1,5 @@ +summary: setools test plan +discover: + how: fmf +execute: + how: tmt diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf b/tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf new file mode 100644 index 0000000..11ff640 --- /dev/null +++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/main.fmf @@ -0,0 +1,11 @@ +summary: Make sure setools requires setools-console and setools-gui +contact: Vit Mojzis +component: + - setools +test: ./runtest.sh +framework: beakerlib +duration: 5m +link: + - relates: https://bugzilla.redhat.com/show_bug.cgi?id=1820078 +extra-summary: /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools +extra-task: /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools diff --git a/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh index 16267ce..ad83754 100755 --- a/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh +++ b/tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh @@ -26,7 +26,6 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="setools" diff --git a/tests/Sanity/sedta/main.fmf b/tests/Sanity/sedta/main.fmf new file mode 100644 index 0000000..e0c2de1 --- /dev/null +++ b/tests/Sanity/sedta/main.fmf @@ -0,0 +1,30 @@ +summary: Does sedta work as expected? Does it support all features? +description: '' +contact: Milos Malik +component: + - setools +test: ./runtest.sh +framework: beakerlib +recommend: + - git + - policycoreutils + - setools-console-analyses +duration: 1h +enabled: true +tag: + - CI-Tier-1 + - NoRHEL4 + - NoRHEL5 + - NoRHEL6 + - NoRHEL7 + - TIPfail_Security + - f32friendly + - f33friendly + - targeted +adjust: + - enabled: false + when: distro == rhel-4, rhel-5, rhel-6, rhel-7 + continue: false +extra-nitrate: TC#0604139 +extra-summary: /CoreOS/setools/Sanity/sedta +extra-task: /CoreOS/setools/Sanity/sedta diff --git a/tests/Sanity/seinfo-consistent-output/main.fmf b/tests/Sanity/seinfo-consistent-output/main.fmf new file mode 100644 index 0000000..1c908d7 --- /dev/null +++ b/tests/Sanity/seinfo-consistent-output/main.fmf @@ -0,0 +1,15 @@ +summary: Check whether different 2 or more runs of same seinfo commands produce same + output +description: '' +contact: Petr Lautrbach +component: + - setools +test: ./runtest.sh +framework: beakerlib +recommend: + - setools-console +duration: 5m +link: + - relates: https://bugzilla.redhat.com/show_bug.cgi?id=2019962 +extra-summary: Sanity/seinfo-consistent-output +extra-task: Sanity/seinfo-consistent-output diff --git a/tests/Sanity/seinfo-consistent-output/runtest.sh b/tests/Sanity/seinfo-consistent-output/runtest.sh index da49081..0ad39a7 100755 --- a/tests/Sanity/seinfo-consistent-output/runtest.sh +++ b/tests/Sanity/seinfo-consistent-output/runtest.sh @@ -26,7 +26,6 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="setools-console" diff --git a/tests/tests.yml b/tests/tests.yml deleted file mode 100644 index c840ce4..0000000 --- a/tests/tests.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Test to run in classic context -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - repositories: - - repo: "https://src.fedoraproject.org/tests/selinux.git" - dest: "selinux" - fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy" - -# Test to run in classic context -- hosts: localhost - roles: - - role: standard-test-beakerlib - tags: - - classic - tests: - - Sanity/sedta - - Regression/The-setools-package-doesn-t-install-any-tools - - Sanity/seinfo-consistent-output From 67bdb1e7a5e035ec63e6a61a503c6481dfb93f9b Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 21 Jan 2023 03:03:21 +0000 Subject: [PATCH 50/78] Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index fd05991..7d03425 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.0 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -146,6 +146,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Jan 21 2023 Fedora Release Engineering - 4.4.0-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + * Sat Jul 23 2022 Fedora Release Engineering - 4.4.0-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild From fa44d11ed86378c030fd6e21ae1b81af0b6de049 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 7 Feb 2023 13:25:35 +0100 Subject: [PATCH 51/78] SETools 4.4.1 release --- .gitignore | 1 + 0001-Make-NetworkX-optional.patch | 91 +++++++++++ 0001-Make-seinfo-output-predictable.patch | 90 ----------- ...e-setools.InfoFlowAnalysis-and-setoo.patch | 142 ------------------ setools.spec | 10 +- sources | 2 +- 6 files changed, 99 insertions(+), 237 deletions(-) create mode 100644 0001-Make-NetworkX-optional.patch delete mode 100644 0001-Make-seinfo-output-predictable.patch delete mode 100644 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch diff --git a/.gitignore b/.gitignore index 229213b..282a656 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /05e90ee.tar.gz /16c0696.tar.gz /4.4.0.tar.gz +/4.4.1.tar.gz diff --git a/0001-Make-NetworkX-optional.patch b/0001-Make-NetworkX-optional.patch new file mode 100644 index 0000000..c573d45 --- /dev/null +++ b/0001-Make-NetworkX-optional.patch @@ -0,0 +1,91 @@ +From 716a1d9e1db6701c0b310dd7e10dc4a10656da0f Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Tue, 14 Dec 2021 14:24:20 -0500 +Subject: [PATCH] Make NetworkX optional. +Content-type: text/plain + +The CLI tools get installed to most distros, but sedta and seinfoflow are +not typically used or separated into a different package. This will allow +seinfo, sesearch, and sediff to function if NetworkX is missing, since they +don't require it. + +Signed-off-by: Chris PeBenito +--- + setools/dta.py | 18 ++++++++++++++---- + setools/infoflow.py | 17 +++++++++++++---- + 2 files changed, 27 insertions(+), 8 deletions(-) + +diff --git a/setools/dta.py b/setools/dta.py +index ce5a36463684..ded88ff4f615 100644 +--- a/setools/dta.py ++++ b/setools/dta.py +@@ -10,8 +10,11 @@ from collections import defaultdict + from contextlib import suppress + from typing import DefaultDict, Iterable, List, NamedTuple, Optional, Union + +-import networkx as nx +-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound ++try: ++ import networkx as nx ++ from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound ++except ImportError: ++ logging.getLogger(__name__).debug("NetworkX failed to import.") + + from .descriptors import EdgeAttrDict, EdgeAttrList + from .policyrep import AnyTERule, SELinuxPolicy, TERuletype, Type +@@ -73,8 +76,15 @@ class DomainTransitionAnalysis: + self.reverse = reverse + self.rebuildgraph = True + self.rebuildsubgraph = True +- self.G = nx.DiGraph() +- self.subG = self.G.copy() ++ ++ try: ++ self.G = nx.DiGraph() ++ self.subG = self.G.copy() ++ except NameError: ++ self.log.critical("NetworkX is not available. This is " ++ "requried for Domain Transition Analysis.") ++ self.log.critical("This is typically in the python3-networkx package.") ++ raise + + @property + def reverse(self) -> bool: +diff --git a/setools/infoflow.py b/setools/infoflow.py +index 0ef240a9993f..4b94a0c2d6dd 100644 +--- a/setools/infoflow.py ++++ b/setools/infoflow.py +@@ -7,8 +7,11 @@ import logging + from contextlib import suppress + from typing import cast, Iterable, List, Mapping, Optional, Union + +-import networkx as nx +-from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound ++try: ++ import networkx as nx ++ from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound ++except ImportError: ++ logging.getLogger(__name__).debug("NetworkX failed to import.") + + from .descriptors import EdgeAttrIntMax, EdgeAttrList + from .permmap import PermissionMap +@@ -54,8 +57,14 @@ class InfoFlowAnalysis: + self.rebuildgraph = True + self.rebuildsubgraph = True + +- self.G = nx.DiGraph() +- self.subG = self.G.copy() ++ try: ++ self.G = nx.DiGraph() ++ self.subG = self.G.copy() ++ except NameError: ++ self.log.critical("NetworkX is not available. This is " ++ "requried for Information Flow Analysis.") ++ self.log.critical("This is typically in the python3-networkx package.") ++ raise + + @property + def min_weight(self) -> int: +-- +2.39.1 + diff --git a/0001-Make-seinfo-output-predictable.patch b/0001-Make-seinfo-output-predictable.patch deleted file mode 100644 index aa650fe..0000000 --- a/0001-Make-seinfo-output-predictable.patch +++ /dev/null @@ -1,90 +0,0 @@ -From 8ed316d6bfb65e5e9b57f3761ea8490022ab3a05 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 18 Nov 2021 13:59:08 +0100 -Subject: [PATCH] Make seinfo output predictable - -There are few places where frozenset is used. Given that frozenset is an unordered -collection the output generated from this is unpredictable. - -The following command outputs are fixed using sorted() on frozensets: - - seinfo --constrain - seinfo --common - seinfo -c -x - seinfo -r -x - seinfo -u -x - -Fixes: https://github.com/SELinuxProject/setools/issues/65 - -Signed-off-by: Petr Lautrbach ---- - setools/policyrep/constraint.pxi | 2 +- - setools/policyrep/objclass.pxi | 4 ++-- - setools/policyrep/role.pxi | 2 +- - setools/policyrep/user.pxi | 2 +- - 4 files changed, 5 insertions(+), 5 deletions(-) - -diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi -index 01c63d87425b..0b4c5b9bcf6a 100644 ---- a/setools/policyrep/constraint.pxi -+++ b/setools/policyrep/constraint.pxi -@@ -72,7 +72,7 @@ cdef class Constraint(BaseConstraint): - - def statement(self): - if len(self.perms) > 1: -- perms = "{{ {0} }}".format(' '.join(self.perms)) -+ perms = "{{ {0} }}".format(' '.join(sorted(self.perms))) - else: - # convert to list since sets cannot be indexed - perms = list(self.perms)[0] -diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi -index b7ec7b7de5c3..8ed2be5a9bed 100644 ---- a/setools/policyrep/objclass.pxi -+++ b/setools/policyrep/objclass.pxi -@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol): - return other in self.perms - - def statement(self): -- return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms)) -+ return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms))) - - - cdef class ObjClass(PolicySymbol): -@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol): - - # a class that inherits may not have additional permissions - if len(self.perms) > 0: -- stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms)) -+ stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms))) - - return stmt - -diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi -index 9a0dd39f27d9..3af8a3f72a1f 100644 ---- a/setools/policyrep/role.pxi -+++ b/setools/policyrep/role.pxi -@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol): - if count == 1: - stmt += " types {0}".format(types[0]) - else: -- stmt += " types {{ {0} }}".format(' '.join(types)) -+ stmt += " types {{ {0} }}".format(' '.join(sorted(types))) - - stmt += ";" - return stmt -diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi -index 9c82aa92eb72..e37af2939820 100644 ---- a/setools/policyrep/user.pxi -+++ b/setools/policyrep/user.pxi -@@ -81,7 +81,7 @@ cdef class User(PolicySymbol): - if count == 1: - stmt += roles[0] - else: -- stmt += "{{ {0} }}".format(' '.join(roles)) -+ stmt += "{{ {0} }}".format(' '.join(sorted(roles))) - - if self._level: - stmt += " level {0.mls_level} range {0.mls_range};".format(self) --- -2.33.1 - diff --git a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch b/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch deleted file mode 100644 index d270d21..0000000 --- a/1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +++ /dev/null @@ -1,142 +0,0 @@ -From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Fri, 26 Apr 2019 15:27:25 +0200 -Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and - setools.DomainTransitionAnalysis - -dta and infoflow modules require networkx which brings lot of dependencies. -These dependencies are not necessary for setools module itself as it's -used in policycoreutils. - -Therefore it's better to use setools.infoflow.InfoFlowAnalysis and -setools.dta.DomainTransitionAnalysis and let the package containing -sedta and seinfoflow to require python3-networkx ---- - sedta | 5 +++-- - seinfoflow | 4 ++-- - setools/__init__.py | 4 ---- - setoolsgui/apol/dta.py | 2 +- - setoolsgui/apol/infoflow.py | 2 +- - tests/dta.py | 2 +- - tests/infoflow.py | 2 +- - 7 files changed, 9 insertions(+), 12 deletions(-) - -diff --git a/sedta b/sedta -index 57070098fe10..51890ea8ea73 100755 ---- a/sedta -+++ b/sedta -@@ -23,9 +23,10 @@ import logging - import signal - - import setools -+import setools.dta - - --def print_transition(trans: setools.DomainTransition) -> None: -+def print_transition(trans: setools.dta.DomainTransition) -> None: - if trans.transition: - print("Domain transition rule(s):") - for t in trans.transition: -@@ -114,7 +115,7 @@ else: - - try: - p = setools.SELinuxPolicy(args.policy) -- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) -+ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude) - - if args.shortest_path or args.all_paths: - if args.shortest_path: -diff --git a/seinfoflow b/seinfoflow -index 0ddcfdc7c1fb..8321718b2640 100755 ---- a/seinfoflow -+++ b/seinfoflow -@@ -17,7 +17,7 @@ - # along with SETools. If not, see . - # - --import setools -+import setools.infoflow - import argparse - import sys - import logging -@@ -102,7 +102,7 @@ elif args.booleans is not None: - try: - p = setools.SELinuxPolicy(args.policy) - m = setools.PermissionMap(args.map) -- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, -+ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude, - booleans=booleans) - - if args.shortest_path or args.all_paths: -diff --git a/setools/__init__.py b/setools/__init__.py -index d72d343e7e79..642485b9018d 100644 ---- a/setools/__init__.py -+++ b/setools/__init__.py -@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery - from .devicetreeconquery import DevicetreeconQuery - - # Information Flow Analysis --from .infoflow import InfoFlowAnalysis - from .permmap import PermissionMap, RuleWeight, Mapping - --# Domain Transition Analysis --from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition -- - # Policy difference - from .diff import PolicyDifference - -diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 62dbf04d9a5e..0ea000e790f0 100644 ---- a/setoolsgui/apol/dta.py -+++ b/setoolsgui/apol/dta.py -@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread - from PyQt5.QtGui import QPalette, QTextCursor - from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem --from setools import DomainTransitionAnalysis -+from setools.dta import DomainTransitionAnalysis - - from ..logtosignal import LogHandlerToSignal - from .analysistab import AnalysisSection, AnalysisTab -diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 28009aa2329c..92d350bf727c 100644 ---- a/setoolsgui/apol/infoflow.py -+++ b/setoolsgui/apol/infoflow.py -@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread - from PyQt5.QtGui import QPalette, QTextCursor - from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem --from setools import InfoFlowAnalysis -+from setools.infoflow import InfoFlowAnalysis - from setools.exception import UnmappedClass, UnmappedPermission - - from ..logtosignal import LogHandlerToSignal -diff --git a/tests/dta.py b/tests/dta.py -index a0cc9381469c..177e6fb0b961 100644 ---- a/tests/dta.py -+++ b/tests/dta.py -@@ -18,7 +18,7 @@ - import os - import unittest - --from setools import DomainTransitionAnalysis -+from setools.dta import DomainTransitionAnalysis - from setools import TERuletype as TERT - from setools.exception import InvalidType - from setools.policyrep import Type -diff --git a/tests/infoflow.py b/tests/infoflow.py -index aa0e44a7e4f8..fca2848aeca5 100644 ---- a/tests/infoflow.py -+++ b/tests/infoflow.py -@@ -18,7 +18,7 @@ - import os - import unittest - --from setools import InfoFlowAnalysis -+from setools.infoflow import InfoFlowAnalysis - from setools import TERuletype as TERT - from setools.exception import InvalidType - from setools.permmap import PermissionMap --- -2.30.0 - diff --git a/setools.spec b/setools.spec index 7d03425..6c9edaf 100644 --- a/setools.spec +++ b/setools.spec @@ -2,8 +2,8 @@ %global selinux_ver 3.4-1 Name: setools -Version: 4.4.0 -Release: 10%{?dist} +Version: 4.4.1 +Release: 1%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -11,8 +11,7 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch0001: 0001-Make-seinfo-output-predictable.patch -Patch1002: 1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch +Patch0001: 0001-Make-NetworkX-optional.patch Patch1003: 1003-Require-networkx-on-package-level.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -146,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Feb 6 2023 Petr Lautrbach - 4.4.1-1 +- SETools 4.4.1 release + * Sat Jan 21 2023 Fedora Release Engineering - 4.4.0-10 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild diff --git a/sources b/sources index dbc6493..f46a001 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.4.0.tar.gz) = 4033ce54213e47e3afd1bdb03b99b0ee3d977f085310d746b34dcfcfe48ac3a562ae0aa2f730d629a298b56dbf295ad219669d13f82578521866b465f8c976e8 +SHA512 (4.4.1.tar.gz) = 1a3091f3f3f8ad6a7a550618b07ed72d5337c63a38df762663a8df3b79c0f1a29c85abf43db814f730fd637cc432db27e8b12ea7ca3b504d80154f4eea3f7f7e From c8f176620db7ac4baf0cd580d333591dcb3ab88a Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 7 Feb 2023 16:58:35 +0100 Subject: [PATCH 52/78] Do not try to load rhts-environment --- tests/Sanity/sedta/runtest.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/Sanity/sedta/runtest.sh b/tests/Sanity/sedta/runtest.sh index 4fb0483..fa6372d 100755 --- a/tests/Sanity/sedta/runtest.sh +++ b/tests/Sanity/sedta/runtest.sh @@ -26,7 +26,6 @@ # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Include Beaker environment -. /usr/bin/rhts-environment.sh || exit 1 . /usr/share/beakerlib/beakerlib.sh || exit 1 PACKAGE="setools" From d757b877a00afba0f09589ead7e9e9cf213d8f72 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 20 Apr 2023 12:29:53 +0200 Subject: [PATCH 53/78] SETools 4.4.2 release --- .gitignore | 1 + 0001-Make-NetworkX-optional.patch | 91 -------------------- 1003-Require-networkx-on-package-level.patch | 24 ------ setools.spec | 11 +-- sources | 2 +- 5 files changed, 8 insertions(+), 121 deletions(-) delete mode 100644 0001-Make-NetworkX-optional.patch delete mode 100644 1003-Require-networkx-on-package-level.patch diff --git a/.gitignore b/.gitignore index 282a656..f4c80ed 100644 --- a/.gitignore +++ b/.gitignore @@ -13,3 +13,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /16c0696.tar.gz /4.4.0.tar.gz /4.4.1.tar.gz +/4.4.2.tar.gz diff --git a/0001-Make-NetworkX-optional.patch b/0001-Make-NetworkX-optional.patch deleted file mode 100644 index c573d45..0000000 --- a/0001-Make-NetworkX-optional.patch +++ /dev/null @@ -1,91 +0,0 @@ -From 716a1d9e1db6701c0b310dd7e10dc4a10656da0f Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Tue, 14 Dec 2021 14:24:20 -0500 -Subject: [PATCH] Make NetworkX optional. -Content-type: text/plain - -The CLI tools get installed to most distros, but sedta and seinfoflow are -not typically used or separated into a different package. This will allow -seinfo, sesearch, and sediff to function if NetworkX is missing, since they -don't require it. - -Signed-off-by: Chris PeBenito ---- - setools/dta.py | 18 ++++++++++++++---- - setools/infoflow.py | 17 +++++++++++++---- - 2 files changed, 27 insertions(+), 8 deletions(-) - -diff --git a/setools/dta.py b/setools/dta.py -index ce5a36463684..ded88ff4f615 100644 ---- a/setools/dta.py -+++ b/setools/dta.py -@@ -10,8 +10,11 @@ from collections import defaultdict - from contextlib import suppress - from typing import DefaultDict, Iterable, List, NamedTuple, Optional, Union - --import networkx as nx --from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound -+try: -+ import networkx as nx -+ from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound -+except ImportError: -+ logging.getLogger(__name__).debug("NetworkX failed to import.") - - from .descriptors import EdgeAttrDict, EdgeAttrList - from .policyrep import AnyTERule, SELinuxPolicy, TERuletype, Type -@@ -73,8 +76,15 @@ class DomainTransitionAnalysis: - self.reverse = reverse - self.rebuildgraph = True - self.rebuildsubgraph = True -- self.G = nx.DiGraph() -- self.subG = self.G.copy() -+ -+ try: -+ self.G = nx.DiGraph() -+ self.subG = self.G.copy() -+ except NameError: -+ self.log.critical("NetworkX is not available. This is " -+ "requried for Domain Transition Analysis.") -+ self.log.critical("This is typically in the python3-networkx package.") -+ raise - - @property - def reverse(self) -> bool: -diff --git a/setools/infoflow.py b/setools/infoflow.py -index 0ef240a9993f..4b94a0c2d6dd 100644 ---- a/setools/infoflow.py -+++ b/setools/infoflow.py -@@ -7,8 +7,11 @@ import logging - from contextlib import suppress - from typing import cast, Iterable, List, Mapping, Optional, Union - --import networkx as nx --from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound -+try: -+ import networkx as nx -+ from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound -+except ImportError: -+ logging.getLogger(__name__).debug("NetworkX failed to import.") - - from .descriptors import EdgeAttrIntMax, EdgeAttrList - from .permmap import PermissionMap -@@ -54,8 +57,14 @@ class InfoFlowAnalysis: - self.rebuildgraph = True - self.rebuildsubgraph = True - -- self.G = nx.DiGraph() -- self.subG = self.G.copy() -+ try: -+ self.G = nx.DiGraph() -+ self.subG = self.G.copy() -+ except NameError: -+ self.log.critical("NetworkX is not available. This is " -+ "requried for Information Flow Analysis.") -+ self.log.critical("This is typically in the python3-networkx package.") -+ raise - - @property - def min_weight(self) -> int: --- -2.39.1 - diff --git a/1003-Require-networkx-on-package-level.patch b/1003-Require-networkx-on-package-level.patch deleted file mode 100644 index 99eb500..0000000 --- a/1003-Require-networkx-on-package-level.patch +++ /dev/null @@ -1,24 +0,0 @@ -From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Thu, 2 Apr 2020 16:06:14 +0200 -Subject: [PATCH 2/2] Require networkx on package level - -It allows us to ship python3-setools without dependency on python3-networkx ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index c593b786cc61..0551811e3fd1 100644 ---- a/setup.py -+++ b/setup.py -@@ -163,5 +163,5 @@ setup(name='setools', - # setup also requires libsepol and libselinux - # C libraries and headers to compile. - setup_requires=['setuptools', 'Cython>=0.27'], -- install_requires=['setuptools', 'networkx>=2.0'] -+ install_requires=['setuptools'] - ) --- -2.30.0 - diff --git a/setools.spec b/setools.spec index 6c9edaf..72ab55b 100644 --- a/setools.spec +++ b/setools.spec @@ -1,8 +1,8 @@ -%global sepol_ver 3.4-1 -%global selinux_ver 3.4-1 +%global sepol_ver 3.5-1 +%global selinux_ver 3.5-1 Name: setools -Version: 4.4.1 +Version: 4.4.2 Release: 1%{?dist} Summary: Policy analysis tools for SELinux @@ -11,8 +11,6 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch0001: 0001-Make-NetworkX-optional.patch -Patch1003: 1003-Require-networkx-on-package-level.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git-core @@ -145,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu Apr 20 2023 Petr Lautrbach - 4.4.2-1 +- SETools 4.4.2 release + * Mon Feb 6 2023 Petr Lautrbach - 4.4.1-1 - SETools 4.4.1 release diff --git a/sources b/sources index f46a001..361fad1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.4.1.tar.gz) = 1a3091f3f3f8ad6a7a550618b07ed72d5337c63a38df762663a8df3b79c0f1a29c85abf43db814f730fd637cc432db27e8b12ea7ca3b504d80154f4eea3f7f7e +SHA512 (4.4.2.tar.gz) = b5117c5de1503e25183c2a1af92cd015320dd37e0cf26b8e09bd5d0ff879734d2f9c301def2a40b476c1ed1960f9ee04ae13b284df73f39f743004104ac85fb1 From ce726757007f26addafe0a7966c1e9c3d4729744 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Tue, 13 Jun 2023 21:38:07 +0200 Subject: [PATCH 54/78] Rebuilt for Python 3.12 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 72ab55b..ef0048b 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.2 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -143,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Tue Jun 13 2023 Python Maint - 4.4.2-2 +- Rebuilt for Python 3.12 + * Thu Apr 20 2023 Petr Lautrbach - 4.4.2-1 - SETools 4.4.2 release From 6ae3e7d3fc94cc12d31c8b51e25ce9e1e0bba5ea Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 22 Jul 2023 01:28:08 +0000 Subject: [PATCH 55/78] Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild Signed-off-by: Fedora Release Engineering --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index ef0048b..8dce1c7 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.2 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -143,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Jul 22 2023 Fedora Release Engineering - 4.4.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + * Tue Jun 13 2023 Python Maint - 4.4.2-2 - Rebuilt for Python 3.12 From 46e11071defd33c408add847c13705f524860ca1 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 26 Jul 2023 14:37:17 +0200 Subject: [PATCH 56/78] setools-4.4.2-4 - Disable/remove neverallow options in sediff. - Improve man pages - seinfoflow: Add -r option to get flows into the source type. - seinfoflow.1: Remove references to sepolgen permission map. - AVRule/AVRuleXperm: Treat rules with no permissions as invalid policy. - SELinuxPolicy: Add explicit cast for libspol message Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2226424 --- ...-remove-neverallow-options-in-sediff.patch | 92 +++++++ 0002-Improve-man-pages.patch | 225 ++++++++++++++++++ ...nvironments-to-use-python-instead-of.patch | 62 +++++ ...-option-to-get-flows-into-the-source.patch | 51 ++++ ...ove-references-to-sepolgen-permissio.patch | 34 +++ ...rm-Treat-rules-with-no-permissions-a.patch | 55 +++++ ...d-explicit-cast-for-libspol-message-.patch | 52 ++++ setools.spec | 18 +- 8 files changed, 588 insertions(+), 1 deletion(-) create mode 100644 0001-Disable-remove-neverallow-options-in-sediff.patch create mode 100644 0002-Improve-man-pages.patch create mode 100644 0003-tox.ini-Change-environments-to-use-python-instead-of.patch create mode 100644 0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch create mode 100644 0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch create mode 100644 0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch create mode 100644 0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch diff --git a/0001-Disable-remove-neverallow-options-in-sediff.patch b/0001-Disable-remove-neverallow-options-in-sediff.patch new file mode 100644 index 0000000..d34479a --- /dev/null +++ b/0001-Disable-remove-neverallow-options-in-sediff.patch @@ -0,0 +1,92 @@ +From edf1a80fa41fa34ad849fbf5098eddd4c5339c18 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Tue, 9 May 2023 19:22:01 +0200 +Subject: [PATCH] Disable/remove neverallow options in sediff. +Content-type: text/plain + +Apply change from commit 06335957b701 ("Disable/remove neverallow +options in frontends.") to sediff + +Signed-off-by: Petr Lautrbach +--- + man/ru/sediff.1 | 4 ---- + man/sediff.1 | 4 ---- + sediff | 10 +++++++--- + 3 files changed, 7 insertions(+), 11 deletions(-) + +diff --git a/man/ru/sediff.1 b/man/ru/sediff.1 +index c6bf2939443f..af5d8efcf82c 100644 +--- a/man/ru/sediff.1 ++++ b/man/ru/sediff.1 +@@ -57,16 +57,12 @@ sediff \- утилита выявления различий политик SELi + Найти различия правил включения журналирования событий. + .IP "--dontaudit" + Найти различия правил запрета журналирования событий. +-.IP "--neverallow" +-Найти различия запрещающих правил. + .IP "--allowxperm" + Найти различия расширенных разрешительных правил. + .IP "--auditallowxperm" + Найти различия расширенных правил включения журналирования событий. + .IP "--dontauditxperm" + Найти различия расширенных правил запрета журналирования событий. +-.IP "--neverallowxperm" +-Найти различия расширенных запрещающих правил. + .IP "-T, --type_trans" + Найти различия правил перехода типов. + .IP "--type_member" +diff --git a/man/sediff.1 b/man/sediff.1 +index ed3b497db2c4..18466d8aeb68 100644 +--- a/man/sediff.1 ++++ b/man/sediff.1 +@@ -50,16 +50,12 @@ Find differences in allow rules. + Find differences in auditallow rules. + .IP "--dontaudit" + Find differences in dontaudit rules. +-.IP "--neverallow" +-Find differences in neverallow rules. + .IP "--allowxperm" + Find differences in allowxperm rules. + .IP "--auditallowxperm" + Find differences in auditallowxperm rules. + .IP "--dontauditxperm" + Find differences in dontauditxperm rules. +-.IP "--neverallowxperm" +-Find differences in neverallowxperm rules. + .IP "-T, --type_trans" + Find differences in type_transition rules. + .IP "--type_member" +diff --git a/sediff b/sediff +index b2fef9771f18..a39d6f5c8f57 100755 +--- a/sediff ++++ b/sediff +@@ -45,12 +45,12 @@ comp.add_argument("--level", action="store_true", help="Print MLS level definiti + terule = parser.add_argument_group("type enforcement rule differences") + terule.add_argument("-A", action="store_true", help="Print allow and allowxperm rule differences") + terule.add_argument("--allow", action="store_true", help="Print allow rule differences") +-terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") ++# terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") + terule.add_argument("--auditallow", action="store_true", help="Print auditallow rule differences") + terule.add_argument("--dontaudit", action="store_true", help="Print dontaudit rule differences") + terule.add_argument("--allowxperm", action="store_true", help="Print allowxperm rule differences") +-terule.add_argument("--neverallowxperm", action="store_true", +- help="Print neverallowxperm rule differences") ++# terule.add_argument("--neverallowxperm", action="store_true", ++# help="Print neverallowxperm rule differences") + terule.add_argument("--auditallowxperm", action="store_true", + help="Print auditallowxperm rule differences") + terule.add_argument("--dontauditxperm", action="store_true", +@@ -97,6 +97,10 @@ other.add_argument("--typebounds", action="store_true", help="Print typebounds d + + args = parser.parse_args() + ++# neverallow and neverallowxperm options are disabled ++args.neverallow = False ++args.neverallowxperm = False ++ + if args.A: + args.allow = True + args.allowxperm = True +-- +2.41.0 + diff --git a/0002-Improve-man-pages.patch b/0002-Improve-man-pages.patch new file mode 100644 index 0000000..15552a2 --- /dev/null +++ b/0002-Improve-man-pages.patch @@ -0,0 +1,225 @@ +From 2fea8eb0d4aedbbdca2209ee904eb10df69737b8 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Thu, 11 May 2023 18:38:21 +0200 +Subject: [PATCH] Improve man pages +Content-type: text/plain + +- Add missing parameters +- Add examples +- Fix typos + +Signed-off-by: Vit Mojzis +--- + man/sechecker.1 | 6 +++--- + man/sediff.1 | 12 ++++++++++++ + man/sedta.1 | 9 +++++++++ + man/seinfo.1 | 25 +++++++++++++++++++++++++ + man/seinfoflow.1 | 9 +++++++++ + man/sesearch.1 | 12 ++++++++++++ + 6 files changed, 70 insertions(+), 3 deletions(-) + +diff --git a/man/sechecker.1 b/man/sechecker.1 +index 507b8615c26f..e32d6d6114ba 100644 +--- a/man/sechecker.1 ++++ b/man/sechecker.1 +@@ -81,7 +81,7 @@ A space-separated list of object class criteria for the query. + A space-separated list of permissions for the query. + + .PP +-\fBA least one of the above options must be set in this check.\fR ++\fBAt least one of the above options must be set in this check.\fR + + .PP + Additional Options: +@@ -123,7 +123,7 @@ The source role criteria for the query. + The target role criteria for the query. + + .PP +-\fBA least one of the above options must be set in this check.\fR ++\fBAt least one of the above options must be set in this check.\fR + + .PP + Additional Options: +@@ -205,7 +205,7 @@ executable types are read-only.\fR + .\} + .nf + [ro_execs] +-check_type = empty_typeattr ++check_type = ro_execs + desc = Verify that the all executables and libraries are read-only. + .fi + .if n \{\ +diff --git a/man/sediff.1 b/man/sediff.1 +index 18466d8aeb68..9b189885ff3c 100644 +--- a/man/sediff.1 ++++ b/man/sediff.1 +@@ -84,6 +84,10 @@ Find differences in validatetrans rules. + Find differences in mlsvalidatetrans rules. + + .SS Labeling Statement Differences ++.IP "--ibendportcon" ++Find differences in ibendportcon (InfiniBand endport context) statements. ++.IP "--ibpkeycon" ++Find differences in ibpkeycon (InfiniBand parition key context) statements. + .IP "--initialsid" + Find differences in initial SID statements. + .IP "--fs_use" +@@ -136,6 +140,14 @@ For example, a class is modified if one or more permissions are added or removed + .RE + .PP + ++.SH EXAMPLE ++.nf ++Show differences in boolean settings ++# sediff -b /backup/policy.33 /etc/selinux/targeted/policy/policy.33 ++Show statistics for allow and allowxperm rule changes (how many rules where added, removed, or modified) ++#sediff -A --stats /backup/policy.33 /etc/selinux/targeted/policy/policy.33 ++ ++ + .SH AUTHOR + Chris PeBenito + +diff --git a/man/sedta.1 b/man/sedta.1 +index 1d84d92664e0..d3d21db6f172 100644 +--- a/man/sedta.1 ++++ b/man/sedta.1 +@@ -49,6 +49,8 @@ Specify the maximum number of domain transitions to output. The default is unlim + A space-separated list of types to exclude from the analysis. + + .SS General Options ++.IP "--full" ++Print rule lists for transitions. + .IP "--stats" + Print domain transition graph statistics at the end of the analysis. + .IP "-h, --help" +@@ -60,6 +62,13 @@ Print additional informational messages. + .IP "--debug" + Enable debugging output. + ++.SH EXAMPLE ++.nf ++Show the shortest transition paths from httpd_t to unconfined_t, while not using container_runtime_t ++# sedta -s httpd_t -t unconfined_t -S container_runtime_t ++List all domain transition paths shorter than 3 steps from init_t to smbd_t ++# sedta -s init_t -t smbd_t -A 3 ++ + .SH AUTHOR + Chris PeBenito + +diff --git a/man/seinfo.1 b/man/seinfo.1 +index 1adea9868d66..9e7cbde8c06e 100644 +--- a/man/seinfo.1 ++++ b/man/seinfo.1 +@@ -56,6 +56,10 @@ There is no expanded information for this component. + .IP "--genfscon [FS_TYPE]" + Print a list of genfscon statements or, if FS_TYPE is provided, print the statement for the named filesystem type. + There is no expanded information for this component. ++.IP "--ibpkeycon [PKEY[-PKEY]]" ++Print a list of InfiniBand parition key contexts. ++.IP "--ibendportcon [NAME]" ++Print a list of InfiniBand endport contexts. + .IP "--initialsid [NAME]" + Print a list of initial SIDs or, if NAME is provided, print the named initial SID. + With \fI-x\fR, print the context assigned to each displayed SID. +@@ -86,6 +90,18 @@ There is no expanded information for this component. + .IP "--all" + Print all components. + ++.IP "\fB Xen Component Queries: \fR" ++.IP "--ioportcon" ++Print all ioportcon statements. ++.IP "--iomemcon" ++Print all iomemcon statements. ++.IP "--pcidevicecon" ++Print all pcidevicecon statements. ++.IP "--pirqcon" ++Print all pirqcon statements. ++.IP "--devicetreecon" ++Print all devicetreecon statements. ++ + .SH OPTIONS + .IP "-x, --expand" + Print additional details for each component matching the expression. +@@ -101,6 +117,15 @@ Print additional informational messages. + .IP "--debug" + Enable debugging output. + ++.SH EXAMPLE ++.nf ++List aliases of and attributes assigned to type httpd_t ++# seinfo -t httpd_t -x ++List all executable types (all types assigned to "exec_type" attribute) ++# seinfo -a exec_type -x ++List all constrains and mlsconstrains for class "file" ++# seinfo --constrain file ++ + .SH AUTHOR + Chris PeBenito + +diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 +index 2e4a261606bf..75763d6f2378 100644 +--- a/man/seinfoflow.1 ++++ b/man/seinfoflow.1 +@@ -54,6 +54,8 @@ A space-separated list of types to exclude from the analysis. + Print information flow graph statistics at the end of the analysis. + .IP "-h, --help" + Print help information and exit. ++.IP "--full" ++Print full rule lists for information flows. + .IP "--version" + Print version information and exit. + .IP "-v, --verbose" +@@ -61,6 +63,13 @@ Print additional informational messages. + .IP "--debug" + Enable debugging output. + ++.SH EXAMPLE ++.nf ++Show the shortest paths for process running as httpd_t to access user home files, using permission map from /var/lib/sepolgen/perm_map ++# seinfoflow -m /var/lib/sepolgen/perm_map -s httpd_t -t user_home_t -S ++List all data paths shorter than 3 steps from smbd_t to httpd_log_t, when samba_enable_home_dirs and samba_create_home_dirs booleans are enabled ++# seinfoflow -m /var/lib/sepolgen/perm_map -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" ++ + .SH AUTHOR + Chris PeBenito + +diff --git a/man/sesearch.1 b/man/sesearch.1 +index 35f16c4ba33e..edc18346673c 100644 +--- a/man/sesearch.1 ++++ b/man/sesearch.1 +@@ -48,6 +48,7 @@ Find type_change rules. + Find role allow rules. + .IP "--role_trans" + Find role_transition rules. ++.IP "Note: TE/MLS rule searches cannot be mixed with RBAC rule searches" + + .SS MLS Rule Types + .IP "--range_trans" +@@ -80,6 +81,8 @@ A matching rule must have the specified target attribute/type/role explicitly, i + A matching rule must have all specified Booleans, instead of matching any of the specified Boolean. + .IP "-ep" + A matching rule must have exactly the specified permissions, instead of matching any of the specified permission. ++.IP "-ex" ++A matching rule must have exactly the specified extended permissions, instead of matching any listed extended permission. + .IP "-Sp" + A matching rule must have permissions where are a superset of the specified permissions, instead of matching any of the permissions. + .IP "-rs" +@@ -103,6 +106,15 @@ Print additional informational messages. + .IP "--debug" + Enable debugging output. + ++.SH EXAMPLE ++.nf ++List allow (and allowxperm) rules for accessing files labeled container_file_t from domains with attribute container_domain ++# sesearch -A -s container_domain -t container_file_t -c file ++List allow and dontaudit rules for accessing chr_files labeled container_file_t, that are controlled by boolean container_use_devices ++# sesearch -A --dontaudit -t container_file_t -c chr_file -b container_use_devices ++List dontaudit rules assigned via application_domain_type attribute (rules concerning specific types with that attribute are excluded) ++# sesearch --dontaudit -s application_domain_type -ds ++ + .SH AUTHOR + Chris PeBenito + +-- +2.41.0 + diff --git a/0003-tox.ini-Change-environments-to-use-python-instead-of.patch b/0003-tox.ini-Change-environments-to-use-python-instead-of.patch new file mode 100644 index 0000000..a49f91f --- /dev/null +++ b/0003-tox.ini-Change-environments-to-use-python-instead-of.patch @@ -0,0 +1,62 @@ +From 6425b45e2748605b99d4e45b286fbf5bb8e8243e Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 17 Jul 2023 16:45:01 -0400 +Subject: [PATCH] tox.ini: Change environments to use "python" instead of "py". +Content-type: text/plain + +Signed-off-by: Chris PeBenito +--- + .github/workflows/tests.yml | 12 ++++++------ + tox.ini | 8 ++++---- + 2 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml +index eb443ae7f0f7..c3c8d552ca15 100644 +--- a/.github/workflows/tests.yml ++++ b/.github/workflows/tests.yml +@@ -27,12 +27,12 @@ jobs: + + matrix: + build-opts: +- - {python: '3.6', tox: py36} +- - {python: '3.7', tox: py37} +- - {python: '3.8', tox: py38} +- - {python: '3.9', tox: py39} +- - {python: '3.10', tox: py310} +- - {python: '3.11', tox: py311} ++ - {python: '3.6', tox: python3.6} ++ - {python: '3.7', tox: python3.7} ++ - {python: '3.8', tox: python3.8} ++ - {python: '3.9', tox: python3.9} ++ - {python: '3.10', tox: python3.10} ++ - {python: '3.11', tox: python3.11} + - {python: '3.6', tox: pep8} + - {python: '3.6', tox: lint} + - {python: '3.6', tox: mypy} +diff --git a/tox.ini b/tox.ini +index b2f6b51858e6..a668bb3de425 100644 +--- a/tox.ini ++++ b/tox.ini +@@ -1,6 +1,6 @@ + [tox] + minversion = 1.4 +-envlist = py3, pep8, lint, mypy ++envlist = python3, pep8, lint, mypy + + [pycodestyle] + max-line-length = 100 +@@ -53,8 +53,8 @@ passenv = USERSPACE_SRC + deps = networkx>=2.0 + cython>=0.27 + pytest +- py38: cython>=0.29.14 +- py39: networkx>=2.6 +- py39: cython>=0.29.14 ++ python38: cython>=0.29.14 ++ python39: networkx>=2.6 ++ python39: cython>=0.29.14 + commands_pre = {envpython} setup.py build_ext -i + commands = pytest tests +-- +2.41.0 + diff --git a/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch b/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch new file mode 100644 index 0000000..14e7864 --- /dev/null +++ b/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch @@ -0,0 +1,51 @@ +From 8ec295066289cf74df0e3f2c6e068abe503f1121 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Wed, 21 Jun 2023 08:56:08 -0400 +Subject: [PATCH] seinfoflow: Add -r option to get flows into the source type. +Content-type: text/plain + +Signed-off-by: Chris PeBenito +--- + man/seinfoflow.1 | 2 ++ + seinfoflow | 5 ++++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 +index 75763d6f2378..63c70c0e7b14 100644 +--- a/man/seinfoflow.1 ++++ b/man/seinfoflow.1 +@@ -50,6 +50,8 @@ Specify the maximum number of information flows to output. The default is unlimi + A space-separated list of types to exclude from the analysis. + + .SS General Options ++.IP "-r, --reverse" ++Display information flows into the source type. No effect if a target type is specified. + .IP "--stats" + Print information flow graph statistics at the end of the analysis. + .IP "-h, --help" +diff --git a/seinfoflow b/seinfoflow +index 5f4e7642ecf9..9bd1bec41da8 100755 +--- a/seinfoflow ++++ b/seinfoflow +@@ -42,6 +42,9 @@ alg.add_argument("-A", "--all_paths", type=int, metavar="MAX_STEPS", + help="Calculate all paths, with the specified maximum path length. (Expensive)") + + opts = parser.add_argument_group("Analysis options") ++opts.add_argument("-r", "--reverse", action="store_false", ++ help="Display information flows into the source type. " ++ "No effect if a target type is specified.") + opts.add_argument("-w", "--min_weight", default=3, type=int, + help="Minimum permission weight. Default is 3.") + opts.add_argument("-l", "--limit_flows", default=0, type=int, +@@ -119,7 +122,7 @@ try: + + else: # single direct info flow + flownum = 0 +- for flownum, flow in enumerate(g.infoflows(args.source), start=1): ++ for flownum, flow in enumerate(g.infoflows(args.source, out=args.reverse), start=1): + print("Flow {0}: {1} -> {2}".format(flownum, flow.source, flow.target)) + + if args.full: +-- +2.41.0 + diff --git a/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch b/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch new file mode 100644 index 0000000..f1ed9e7 --- /dev/null +++ b/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch @@ -0,0 +1,34 @@ +From 32ebd2c802ca0fcf3b920b298f0d2d8b2972cfa9 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Wed, 21 Jun 2023 08:56:53 -0400 +Subject: [PATCH] seinfoflow.1: Remove references to sepolgen permission map. +Content-type: text/plain + +SETools ships with its own so that it is usable on non-SELinux systems. + +Signed-off-by: Chris PeBenito +--- + man/seinfoflow.1 | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 +index 63c70c0e7b14..e482520a8b82 100644 +--- a/man/seinfoflow.1 ++++ b/man/seinfoflow.1 +@@ -67,10 +67,10 @@ Enable debugging output. + + .SH EXAMPLE + .nf +-Show the shortest paths for process running as httpd_t to access user home files, using permission map from /var/lib/sepolgen/perm_map +-# seinfoflow -m /var/lib/sepolgen/perm_map -s httpd_t -t user_home_t -S ++Show the shortest paths for process running as httpd_t to access user home files, using the default permission map: ++# seinfoflow -s httpd_t -t user_home_t -S + List all data paths shorter than 3 steps from smbd_t to httpd_log_t, when samba_enable_home_dirs and samba_create_home_dirs booleans are enabled +-# seinfoflow -m /var/lib/sepolgen/perm_map -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" ++# seinfoflow -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" + + .SH AUTHOR + Chris PeBenito +-- +2.41.0 + diff --git a/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch b/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch new file mode 100644 index 0000000..8b8df96 --- /dev/null +++ b/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch @@ -0,0 +1,55 @@ +From 725d224e8dd8af3a5a56c71b9de7936d098cae61 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Tue, 16 May 2023 13:21:09 -0400 +Subject: [PATCH] AVRule/AVRuleXperm: Treat rules with no permissions as + invalid policy. +Content-type: text/plain + +Signed-off-by: Chris PeBenito +--- + setools/policyrep/terule.pxi | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi +index 6c869ed08ad9..4f4a95f553bc 100644 +--- a/setools/policyrep/terule.pxi ++++ b/setools/policyrep/terule.pxi +@@ -120,6 +120,17 @@ cdef class AVRule(BaseTERule): + r._conditional = conditional + r._conditional_block = conditional_block + r.origin = None ++ ++ if not r.perms: ++ rule_string = f"{r.ruletype} {r.source} {r.target}:{r.tclass} {{ }};" ++ try: ++ rule_string += f" [ {r.conditional} ]:{r.conditional_block}" ++ except RuleNotConditional: ++ pass ++ ++ raise LowLevelPolicyError("Invalid policy: Found a rule with no permissions: " ++ f"{rule_string}") ++ + return r + + def __hash__(self): +@@ -319,6 +330,17 @@ cdef class AVRuleXperm(BaseTERule): + r._conditional = conditional + r._conditional_block = conditional_block + r.origin = None ++ ++ if not perms: ++ rule_string = f"{r.ruletype} {r.source} {r.target}:{r.tclass} {r.xperm_type} {{ }};" ++ try: ++ rule_string += f" [ {r.conditional} ]:{r.conditional_block}" ++ except RuleNotConditional: ++ pass ++ ++ raise LowLevelPolicyError( ++ f"Invalid policy: Found a rule with no extended permissions: {rule_string}.") ++ + return r + + def __hash__(self): +-- +2.41.0 + diff --git a/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch b/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch new file mode 100644 index 0000000..caa96f3 --- /dev/null +++ b/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch @@ -0,0 +1,52 @@ +From fc443b5a0379f3644e071a458e996ea6115ccba3 Mon Sep 17 00:00:00 2001 +From: Chris PeBenito +Date: Mon, 17 Jul 2023 16:08:21 -0400 +Subject: [PATCH] SELinuxPolicy: Add explicit cast for libspol message + callback. +Content-type: text/plain + +Cython 3.0 is more strict. The change fixes this issue: + +setools/policyrep/selinuxpolicy.pxi:685:46: Cannot assign type 'void (void *, sepol_handle_t *, const char *, ...) except *' to 'msg_callback' + +Additionally, the msg_callback is not typedef-ed in sepol/debug.h, so it must +be explicitly defined in sepol.pxd for the casting to work. + +Signed-off-by: Chris PeBenito +--- + setools/policyrep/selinuxpolicy.pxi | 2 +- + setools/policyrep/sepol.pxd | 4 +++- + 2 files changed, 4 insertions(+), 2 deletions(-) + +diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi +index 9267a0c43abc..236316f1c6c5 100644 +--- a/setools/policyrep/selinuxpolicy.pxi ++++ b/setools/policyrep/selinuxpolicy.pxi +@@ -668,7 +668,7 @@ cdef class SELinuxPolicy: + if self.sh == NULL: + raise MemoryError + +- sepol.sepol_msg_set_callback(self.sh, sepol_logging_callback, self.handle) ++ sepol.sepol_msg_set_callback(self.sh, sepol_logging_callback, self.handle) + + if sepol.sepol_policydb_create(&self.handle) < 0: + raise MemoryError +diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd +index 769498f2c5fd..36589ed1a607 100644 +--- a/setools/policyrep/sepol.pxd ++++ b/setools/policyrep/sepol.pxd +@@ -16,8 +16,10 @@ cdef extern from "": + void sepol_handle_destroy(sepol_handle_t *sh) + + ++ctypedef void (*msg_callback)(void *varg, sepol_handle_t *handle, const char *fmt, ...) ++ ++ + cdef extern from "": +- ctypedef void (*msg_callback)(void *varg, sepol_handle_t *handle, const char *fmt, ...) + void sepol_msg_set_callback(sepol_handle * handle, msg_callback cb, void *cb_arg) + + +-- +2.41.0 + diff --git a/setools.spec b/setools.spec index 8dce1c7..04ac4bf 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -11,6 +11,14 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop +Patch0001: 0001-Disable-remove-neverallow-options-in-sediff.patch +Patch0002: 0002-Improve-man-pages.patch +Patch0003: 0003-tox.ini-Change-environments-to-use-python-instead-of.patch +Patch0004: 0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch +Patch0005: 0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch +Patch0006: 0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch +Patch0007: 0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch + Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git-core @@ -143,6 +151,14 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Wed Jul 26 2023 Petr Lautrbach - 4.4.2-4 +- Disable/remove neverallow options in sediff. +- Improve man pages +- seinfoflow: Add -r option to get flows into the source type. +- seinfoflow.1: Remove references to sepolgen permission map. +- AVRule/AVRuleXperm: Treat rules with no permissions as invalid policy. +- SELinuxPolicy: Add explicit cast for libspol message + * Sat Jul 22 2023 Fedora Release Engineering - 4.4.2-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild From dd68fa8535715035c32d40114ad7af37d8b0c9f2 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Wed, 9 Aug 2023 18:45:08 +0200 Subject: [PATCH 57/78] setools-4.4.3-1 --- .gitignore | 1 + ...-remove-neverallow-options-in-sediff.patch | 92 ------- 0002-Improve-man-pages.patch | 225 ------------------ ...nvironments-to-use-python-instead-of.patch | 62 ----- ...-option-to-get-flows-into-the-source.patch | 51 ---- ...ove-references-to-sepolgen-permissio.patch | 34 --- ...rm-Treat-rules-with-no-permissions-a.patch | 55 ----- ...d-explicit-cast-for-libspol-message-.patch | 52 ---- setools.spec | 14 +- sources | 2 +- 10 files changed, 7 insertions(+), 581 deletions(-) delete mode 100644 0001-Disable-remove-neverallow-options-in-sediff.patch delete mode 100644 0002-Improve-man-pages.patch delete mode 100644 0003-tox.ini-Change-environments-to-use-python-instead-of.patch delete mode 100644 0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch delete mode 100644 0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch delete mode 100644 0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch delete mode 100644 0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch diff --git a/.gitignore b/.gitignore index f4c80ed..26db9fc 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.4.0.tar.gz /4.4.1.tar.gz /4.4.2.tar.gz +/4.4.3.tar.gz diff --git a/0001-Disable-remove-neverallow-options-in-sediff.patch b/0001-Disable-remove-neverallow-options-in-sediff.patch deleted file mode 100644 index d34479a..0000000 --- a/0001-Disable-remove-neverallow-options-in-sediff.patch +++ /dev/null @@ -1,92 +0,0 @@ -From edf1a80fa41fa34ad849fbf5098eddd4c5339c18 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Tue, 9 May 2023 19:22:01 +0200 -Subject: [PATCH] Disable/remove neverallow options in sediff. -Content-type: text/plain - -Apply change from commit 06335957b701 ("Disable/remove neverallow -options in frontends.") to sediff - -Signed-off-by: Petr Lautrbach ---- - man/ru/sediff.1 | 4 ---- - man/sediff.1 | 4 ---- - sediff | 10 +++++++--- - 3 files changed, 7 insertions(+), 11 deletions(-) - -diff --git a/man/ru/sediff.1 b/man/ru/sediff.1 -index c6bf2939443f..af5d8efcf82c 100644 ---- a/man/ru/sediff.1 -+++ b/man/ru/sediff.1 -@@ -57,16 +57,12 @@ sediff \- утилита выявления различий политик SELi - Найти различия правил включения журналирования событий. - .IP "--dontaudit" - Найти различия правил запрета журналирования событий. --.IP "--neverallow" --Найти различия запрещающих правил. - .IP "--allowxperm" - Найти различия расширенных разрешительных правил. - .IP "--auditallowxperm" - Найти различия расширенных правил включения журналирования событий. - .IP "--dontauditxperm" - Найти различия расширенных правил запрета журналирования событий. --.IP "--neverallowxperm" --Найти различия расширенных запрещающих правил. - .IP "-T, --type_trans" - Найти различия правил перехода типов. - .IP "--type_member" -diff --git a/man/sediff.1 b/man/sediff.1 -index ed3b497db2c4..18466d8aeb68 100644 ---- a/man/sediff.1 -+++ b/man/sediff.1 -@@ -50,16 +50,12 @@ Find differences in allow rules. - Find differences in auditallow rules. - .IP "--dontaudit" - Find differences in dontaudit rules. --.IP "--neverallow" --Find differences in neverallow rules. - .IP "--allowxperm" - Find differences in allowxperm rules. - .IP "--auditallowxperm" - Find differences in auditallowxperm rules. - .IP "--dontauditxperm" - Find differences in dontauditxperm rules. --.IP "--neverallowxperm" --Find differences in neverallowxperm rules. - .IP "-T, --type_trans" - Find differences in type_transition rules. - .IP "--type_member" -diff --git a/sediff b/sediff -index b2fef9771f18..a39d6f5c8f57 100755 ---- a/sediff -+++ b/sediff -@@ -45,12 +45,12 @@ comp.add_argument("--level", action="store_true", help="Print MLS level definiti - terule = parser.add_argument_group("type enforcement rule differences") - terule.add_argument("-A", action="store_true", help="Print allow and allowxperm rule differences") - terule.add_argument("--allow", action="store_true", help="Print allow rule differences") --terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") -+# terule.add_argument("--neverallow", action="store_true", help="Print neverallow rule differences") - terule.add_argument("--auditallow", action="store_true", help="Print auditallow rule differences") - terule.add_argument("--dontaudit", action="store_true", help="Print dontaudit rule differences") - terule.add_argument("--allowxperm", action="store_true", help="Print allowxperm rule differences") --terule.add_argument("--neverallowxperm", action="store_true", -- help="Print neverallowxperm rule differences") -+# terule.add_argument("--neverallowxperm", action="store_true", -+# help="Print neverallowxperm rule differences") - terule.add_argument("--auditallowxperm", action="store_true", - help="Print auditallowxperm rule differences") - terule.add_argument("--dontauditxperm", action="store_true", -@@ -97,6 +97,10 @@ other.add_argument("--typebounds", action="store_true", help="Print typebounds d - - args = parser.parse_args() - -+# neverallow and neverallowxperm options are disabled -+args.neverallow = False -+args.neverallowxperm = False -+ - if args.A: - args.allow = True - args.allowxperm = True --- -2.41.0 - diff --git a/0002-Improve-man-pages.patch b/0002-Improve-man-pages.patch deleted file mode 100644 index 15552a2..0000000 --- a/0002-Improve-man-pages.patch +++ /dev/null @@ -1,225 +0,0 @@ -From 2fea8eb0d4aedbbdca2209ee904eb10df69737b8 Mon Sep 17 00:00:00 2001 -From: Vit Mojzis -Date: Thu, 11 May 2023 18:38:21 +0200 -Subject: [PATCH] Improve man pages -Content-type: text/plain - -- Add missing parameters -- Add examples -- Fix typos - -Signed-off-by: Vit Mojzis ---- - man/sechecker.1 | 6 +++--- - man/sediff.1 | 12 ++++++++++++ - man/sedta.1 | 9 +++++++++ - man/seinfo.1 | 25 +++++++++++++++++++++++++ - man/seinfoflow.1 | 9 +++++++++ - man/sesearch.1 | 12 ++++++++++++ - 6 files changed, 70 insertions(+), 3 deletions(-) - -diff --git a/man/sechecker.1 b/man/sechecker.1 -index 507b8615c26f..e32d6d6114ba 100644 ---- a/man/sechecker.1 -+++ b/man/sechecker.1 -@@ -81,7 +81,7 @@ A space-separated list of object class criteria for the query. - A space-separated list of permissions for the query. - - .PP --\fBA least one of the above options must be set in this check.\fR -+\fBAt least one of the above options must be set in this check.\fR - - .PP - Additional Options: -@@ -123,7 +123,7 @@ The source role criteria for the query. - The target role criteria for the query. - - .PP --\fBA least one of the above options must be set in this check.\fR -+\fBAt least one of the above options must be set in this check.\fR - - .PP - Additional Options: -@@ -205,7 +205,7 @@ executable types are read-only.\fR - .\} - .nf - [ro_execs] --check_type = empty_typeattr -+check_type = ro_execs - desc = Verify that the all executables and libraries are read-only. - .fi - .if n \{\ -diff --git a/man/sediff.1 b/man/sediff.1 -index 18466d8aeb68..9b189885ff3c 100644 ---- a/man/sediff.1 -+++ b/man/sediff.1 -@@ -84,6 +84,10 @@ Find differences in validatetrans rules. - Find differences in mlsvalidatetrans rules. - - .SS Labeling Statement Differences -+.IP "--ibendportcon" -+Find differences in ibendportcon (InfiniBand endport context) statements. -+.IP "--ibpkeycon" -+Find differences in ibpkeycon (InfiniBand parition key context) statements. - .IP "--initialsid" - Find differences in initial SID statements. - .IP "--fs_use" -@@ -136,6 +140,14 @@ For example, a class is modified if one or more permissions are added or removed - .RE - .PP - -+.SH EXAMPLE -+.nf -+Show differences in boolean settings -+# sediff -b /backup/policy.33 /etc/selinux/targeted/policy/policy.33 -+Show statistics for allow and allowxperm rule changes (how many rules where added, removed, or modified) -+#sediff -A --stats /backup/policy.33 /etc/selinux/targeted/policy/policy.33 -+ -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/sedta.1 b/man/sedta.1 -index 1d84d92664e0..d3d21db6f172 100644 ---- a/man/sedta.1 -+++ b/man/sedta.1 -@@ -49,6 +49,8 @@ Specify the maximum number of domain transitions to output. The default is unlim - A space-separated list of types to exclude from the analysis. - - .SS General Options -+.IP "--full" -+Print rule lists for transitions. - .IP "--stats" - Print domain transition graph statistics at the end of the analysis. - .IP "-h, --help" -@@ -60,6 +62,13 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. - -+.SH EXAMPLE -+.nf -+Show the shortest transition paths from httpd_t to unconfined_t, while not using container_runtime_t -+# sedta -s httpd_t -t unconfined_t -S container_runtime_t -+List all domain transition paths shorter than 3 steps from init_t to smbd_t -+# sedta -s init_t -t smbd_t -A 3 -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/seinfo.1 b/man/seinfo.1 -index 1adea9868d66..9e7cbde8c06e 100644 ---- a/man/seinfo.1 -+++ b/man/seinfo.1 -@@ -56,6 +56,10 @@ There is no expanded information for this component. - .IP "--genfscon [FS_TYPE]" - Print a list of genfscon statements or, if FS_TYPE is provided, print the statement for the named filesystem type. - There is no expanded information for this component. -+.IP "--ibpkeycon [PKEY[-PKEY]]" -+Print a list of InfiniBand parition key contexts. -+.IP "--ibendportcon [NAME]" -+Print a list of InfiniBand endport contexts. - .IP "--initialsid [NAME]" - Print a list of initial SIDs or, if NAME is provided, print the named initial SID. - With \fI-x\fR, print the context assigned to each displayed SID. -@@ -86,6 +90,18 @@ There is no expanded information for this component. - .IP "--all" - Print all components. - -+.IP "\fB Xen Component Queries: \fR" -+.IP "--ioportcon" -+Print all ioportcon statements. -+.IP "--iomemcon" -+Print all iomemcon statements. -+.IP "--pcidevicecon" -+Print all pcidevicecon statements. -+.IP "--pirqcon" -+Print all pirqcon statements. -+.IP "--devicetreecon" -+Print all devicetreecon statements. -+ - .SH OPTIONS - .IP "-x, --expand" - Print additional details for each component matching the expression. -@@ -101,6 +117,15 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. - -+.SH EXAMPLE -+.nf -+List aliases of and attributes assigned to type httpd_t -+# seinfo -t httpd_t -x -+List all executable types (all types assigned to "exec_type" attribute) -+# seinfo -a exec_type -x -+List all constrains and mlsconstrains for class "file" -+# seinfo --constrain file -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 -index 2e4a261606bf..75763d6f2378 100644 ---- a/man/seinfoflow.1 -+++ b/man/seinfoflow.1 -@@ -54,6 +54,8 @@ A space-separated list of types to exclude from the analysis. - Print information flow graph statistics at the end of the analysis. - .IP "-h, --help" - Print help information and exit. -+.IP "--full" -+Print full rule lists for information flows. - .IP "--version" - Print version information and exit. - .IP "-v, --verbose" -@@ -61,6 +63,13 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. - -+.SH EXAMPLE -+.nf -+Show the shortest paths for process running as httpd_t to access user home files, using permission map from /var/lib/sepolgen/perm_map -+# seinfoflow -m /var/lib/sepolgen/perm_map -s httpd_t -t user_home_t -S -+List all data paths shorter than 3 steps from smbd_t to httpd_log_t, when samba_enable_home_dirs and samba_create_home_dirs booleans are enabled -+# seinfoflow -m /var/lib/sepolgen/perm_map -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" -+ - .SH AUTHOR - Chris PeBenito - -diff --git a/man/sesearch.1 b/man/sesearch.1 -index 35f16c4ba33e..edc18346673c 100644 ---- a/man/sesearch.1 -+++ b/man/sesearch.1 -@@ -48,6 +48,7 @@ Find type_change rules. - Find role allow rules. - .IP "--role_trans" - Find role_transition rules. -+.IP "Note: TE/MLS rule searches cannot be mixed with RBAC rule searches" - - .SS MLS Rule Types - .IP "--range_trans" -@@ -80,6 +81,8 @@ A matching rule must have the specified target attribute/type/role explicitly, i - A matching rule must have all specified Booleans, instead of matching any of the specified Boolean. - .IP "-ep" - A matching rule must have exactly the specified permissions, instead of matching any of the specified permission. -+.IP "-ex" -+A matching rule must have exactly the specified extended permissions, instead of matching any listed extended permission. - .IP "-Sp" - A matching rule must have permissions where are a superset of the specified permissions, instead of matching any of the permissions. - .IP "-rs" -@@ -103,6 +106,15 @@ Print additional informational messages. - .IP "--debug" - Enable debugging output. - -+.SH EXAMPLE -+.nf -+List allow (and allowxperm) rules for accessing files labeled container_file_t from domains with attribute container_domain -+# sesearch -A -s container_domain -t container_file_t -c file -+List allow and dontaudit rules for accessing chr_files labeled container_file_t, that are controlled by boolean container_use_devices -+# sesearch -A --dontaudit -t container_file_t -c chr_file -b container_use_devices -+List dontaudit rules assigned via application_domain_type attribute (rules concerning specific types with that attribute are excluded) -+# sesearch --dontaudit -s application_domain_type -ds -+ - .SH AUTHOR - Chris PeBenito - --- -2.41.0 - diff --git a/0003-tox.ini-Change-environments-to-use-python-instead-of.patch b/0003-tox.ini-Change-environments-to-use-python-instead-of.patch deleted file mode 100644 index a49f91f..0000000 --- a/0003-tox.ini-Change-environments-to-use-python-instead-of.patch +++ /dev/null @@ -1,62 +0,0 @@ -From 6425b45e2748605b99d4e45b286fbf5bb8e8243e Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Mon, 17 Jul 2023 16:45:01 -0400 -Subject: [PATCH] tox.ini: Change environments to use "python" instead of "py". -Content-type: text/plain - -Signed-off-by: Chris PeBenito ---- - .github/workflows/tests.yml | 12 ++++++------ - tox.ini | 8 ++++---- - 2 files changed, 10 insertions(+), 10 deletions(-) - -diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml -index eb443ae7f0f7..c3c8d552ca15 100644 ---- a/.github/workflows/tests.yml -+++ b/.github/workflows/tests.yml -@@ -27,12 +27,12 @@ jobs: - - matrix: - build-opts: -- - {python: '3.6', tox: py36} -- - {python: '3.7', tox: py37} -- - {python: '3.8', tox: py38} -- - {python: '3.9', tox: py39} -- - {python: '3.10', tox: py310} -- - {python: '3.11', tox: py311} -+ - {python: '3.6', tox: python3.6} -+ - {python: '3.7', tox: python3.7} -+ - {python: '3.8', tox: python3.8} -+ - {python: '3.9', tox: python3.9} -+ - {python: '3.10', tox: python3.10} -+ - {python: '3.11', tox: python3.11} - - {python: '3.6', tox: pep8} - - {python: '3.6', tox: lint} - - {python: '3.6', tox: mypy} -diff --git a/tox.ini b/tox.ini -index b2f6b51858e6..a668bb3de425 100644 ---- a/tox.ini -+++ b/tox.ini -@@ -1,6 +1,6 @@ - [tox] - minversion = 1.4 --envlist = py3, pep8, lint, mypy -+envlist = python3, pep8, lint, mypy - - [pycodestyle] - max-line-length = 100 -@@ -53,8 +53,8 @@ passenv = USERSPACE_SRC - deps = networkx>=2.0 - cython>=0.27 - pytest -- py38: cython>=0.29.14 -- py39: networkx>=2.6 -- py39: cython>=0.29.14 -+ python38: cython>=0.29.14 -+ python39: networkx>=2.6 -+ python39: cython>=0.29.14 - commands_pre = {envpython} setup.py build_ext -i - commands = pytest tests --- -2.41.0 - diff --git a/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch b/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch deleted file mode 100644 index 14e7864..0000000 --- a/0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 8ec295066289cf74df0e3f2c6e068abe503f1121 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Wed, 21 Jun 2023 08:56:08 -0400 -Subject: [PATCH] seinfoflow: Add -r option to get flows into the source type. -Content-type: text/plain - -Signed-off-by: Chris PeBenito ---- - man/seinfoflow.1 | 2 ++ - seinfoflow | 5 ++++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 -index 75763d6f2378..63c70c0e7b14 100644 ---- a/man/seinfoflow.1 -+++ b/man/seinfoflow.1 -@@ -50,6 +50,8 @@ Specify the maximum number of information flows to output. The default is unlimi - A space-separated list of types to exclude from the analysis. - - .SS General Options -+.IP "-r, --reverse" -+Display information flows into the source type. No effect if a target type is specified. - .IP "--stats" - Print information flow graph statistics at the end of the analysis. - .IP "-h, --help" -diff --git a/seinfoflow b/seinfoflow -index 5f4e7642ecf9..9bd1bec41da8 100755 ---- a/seinfoflow -+++ b/seinfoflow -@@ -42,6 +42,9 @@ alg.add_argument("-A", "--all_paths", type=int, metavar="MAX_STEPS", - help="Calculate all paths, with the specified maximum path length. (Expensive)") - - opts = parser.add_argument_group("Analysis options") -+opts.add_argument("-r", "--reverse", action="store_false", -+ help="Display information flows into the source type. " -+ "No effect if a target type is specified.") - opts.add_argument("-w", "--min_weight", default=3, type=int, - help="Minimum permission weight. Default is 3.") - opts.add_argument("-l", "--limit_flows", default=0, type=int, -@@ -119,7 +122,7 @@ try: - - else: # single direct info flow - flownum = 0 -- for flownum, flow in enumerate(g.infoflows(args.source), start=1): -+ for flownum, flow in enumerate(g.infoflows(args.source, out=args.reverse), start=1): - print("Flow {0}: {1} -> {2}".format(flownum, flow.source, flow.target)) - - if args.full: --- -2.41.0 - diff --git a/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch b/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch deleted file mode 100644 index f1ed9e7..0000000 --- a/0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 32ebd2c802ca0fcf3b920b298f0d2d8b2972cfa9 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Wed, 21 Jun 2023 08:56:53 -0400 -Subject: [PATCH] seinfoflow.1: Remove references to sepolgen permission map. -Content-type: text/plain - -SETools ships with its own so that it is usable on non-SELinux systems. - -Signed-off-by: Chris PeBenito ---- - man/seinfoflow.1 | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/man/seinfoflow.1 b/man/seinfoflow.1 -index 63c70c0e7b14..e482520a8b82 100644 ---- a/man/seinfoflow.1 -+++ b/man/seinfoflow.1 -@@ -67,10 +67,10 @@ Enable debugging output. - - .SH EXAMPLE - .nf --Show the shortest paths for process running as httpd_t to access user home files, using permission map from /var/lib/sepolgen/perm_map --# seinfoflow -m /var/lib/sepolgen/perm_map -s httpd_t -t user_home_t -S -+Show the shortest paths for process running as httpd_t to access user home files, using the default permission map: -+# seinfoflow -s httpd_t -t user_home_t -S - List all data paths shorter than 3 steps from smbd_t to httpd_log_t, when samba_enable_home_dirs and samba_create_home_dirs booleans are enabled --# seinfoflow -m /var/lib/sepolgen/perm_map -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" -+# seinfoflow -s smbd_t -t user_home_t -A 3 -b "samba_enable_home_dirs:true,samba_create_home_dirs:true" - - .SH AUTHOR - Chris PeBenito --- -2.41.0 - diff --git a/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch b/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch deleted file mode 100644 index 8b8df96..0000000 --- a/0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch +++ /dev/null @@ -1,55 +0,0 @@ -From 725d224e8dd8af3a5a56c71b9de7936d098cae61 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Tue, 16 May 2023 13:21:09 -0400 -Subject: [PATCH] AVRule/AVRuleXperm: Treat rules with no permissions as - invalid policy. -Content-type: text/plain - -Signed-off-by: Chris PeBenito ---- - setools/policyrep/terule.pxi | 22 ++++++++++++++++++++++ - 1 file changed, 22 insertions(+) - -diff --git a/setools/policyrep/terule.pxi b/setools/policyrep/terule.pxi -index 6c869ed08ad9..4f4a95f553bc 100644 ---- a/setools/policyrep/terule.pxi -+++ b/setools/policyrep/terule.pxi -@@ -120,6 +120,17 @@ cdef class AVRule(BaseTERule): - r._conditional = conditional - r._conditional_block = conditional_block - r.origin = None -+ -+ if not r.perms: -+ rule_string = f"{r.ruletype} {r.source} {r.target}:{r.tclass} {{ }};" -+ try: -+ rule_string += f" [ {r.conditional} ]:{r.conditional_block}" -+ except RuleNotConditional: -+ pass -+ -+ raise LowLevelPolicyError("Invalid policy: Found a rule with no permissions: " -+ f"{rule_string}") -+ - return r - - def __hash__(self): -@@ -319,6 +330,17 @@ cdef class AVRuleXperm(BaseTERule): - r._conditional = conditional - r._conditional_block = conditional_block - r.origin = None -+ -+ if not perms: -+ rule_string = f"{r.ruletype} {r.source} {r.target}:{r.tclass} {r.xperm_type} {{ }};" -+ try: -+ rule_string += f" [ {r.conditional} ]:{r.conditional_block}" -+ except RuleNotConditional: -+ pass -+ -+ raise LowLevelPolicyError( -+ f"Invalid policy: Found a rule with no extended permissions: {rule_string}.") -+ - return r - - def __hash__(self): --- -2.41.0 - diff --git a/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch b/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch deleted file mode 100644 index caa96f3..0000000 --- a/0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch +++ /dev/null @@ -1,52 +0,0 @@ -From fc443b5a0379f3644e071a458e996ea6115ccba3 Mon Sep 17 00:00:00 2001 -From: Chris PeBenito -Date: Mon, 17 Jul 2023 16:08:21 -0400 -Subject: [PATCH] SELinuxPolicy: Add explicit cast for libspol message - callback. -Content-type: text/plain - -Cython 3.0 is more strict. The change fixes this issue: - -setools/policyrep/selinuxpolicy.pxi:685:46: Cannot assign type 'void (void *, sepol_handle_t *, const char *, ...) except *' to 'msg_callback' - -Additionally, the msg_callback is not typedef-ed in sepol/debug.h, so it must -be explicitly defined in sepol.pxd for the casting to work. - -Signed-off-by: Chris PeBenito ---- - setools/policyrep/selinuxpolicy.pxi | 2 +- - setools/policyrep/sepol.pxd | 4 +++- - 2 files changed, 4 insertions(+), 2 deletions(-) - -diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi -index 9267a0c43abc..236316f1c6c5 100644 ---- a/setools/policyrep/selinuxpolicy.pxi -+++ b/setools/policyrep/selinuxpolicy.pxi -@@ -668,7 +668,7 @@ cdef class SELinuxPolicy: - if self.sh == NULL: - raise MemoryError - -- sepol.sepol_msg_set_callback(self.sh, sepol_logging_callback, self.handle) -+ sepol.sepol_msg_set_callback(self.sh, sepol_logging_callback, self.handle) - - if sepol.sepol_policydb_create(&self.handle) < 0: - raise MemoryError -diff --git a/setools/policyrep/sepol.pxd b/setools/policyrep/sepol.pxd -index 769498f2c5fd..36589ed1a607 100644 ---- a/setools/policyrep/sepol.pxd -+++ b/setools/policyrep/sepol.pxd -@@ -16,8 +16,10 @@ cdef extern from "": - void sepol_handle_destroy(sepol_handle_t *sh) - - -+ctypedef void (*msg_callback)(void *varg, sepol_handle_t *handle, const char *fmt, ...) -+ -+ - cdef extern from "": -- ctypedef void (*msg_callback)(void *varg, sepol_handle_t *handle, const char *fmt, ...) - void sepol_msg_set_callback(sepol_handle * handle, msg_callback cb, void *cb_arg) - - --- -2.41.0 - diff --git a/setools.spec b/setools.spec index 04ac4bf..420188c 100644 --- a/setools.spec +++ b/setools.spec @@ -2,8 +2,8 @@ %global selinux_ver 3.5-1 Name: setools -Version: 4.4.2 -Release: 4%{?dist} +Version: 4.4.3 +Release: 1%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -11,13 +11,6 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch0001: 0001-Disable-remove-neverallow-options-in-sediff.patch -Patch0002: 0002-Improve-man-pages.patch -Patch0003: 0003-tox.ini-Change-environments-to-use-python-instead-of.patch -Patch0004: 0004-seinfoflow-Add-r-option-to-get-flows-into-the-source.patch -Patch0005: 0005-seinfoflow.1-Remove-references-to-sepolgen-permissio.patch -Patch0006: 0006-AVRule-AVRuleXperm-Treat-rules-with-no-permissions-a.patch -Patch0007: 0007-SELinuxPolicy-Add-explicit-cast-for-libspol-message-.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -151,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Wed Aug 9 2023 Petr Lautrbach - 4.4.3-1 +- SETools 4.4.3 release + * Wed Jul 26 2023 Petr Lautrbach - 4.4.2-4 - Disable/remove neverallow options in sediff. - Improve man pages diff --git a/sources b/sources index 361fad1..edf09a7 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.4.2.tar.gz) = b5117c5de1503e25183c2a1af92cd015320dd37e0cf26b8e09bd5d0ff879734d2f9c301def2a40b476c1ed1960f9ee04ae13b284df73f39f743004104ac85fb1 +SHA512 (4.4.3.tar.gz) = dcea6f10af0f46cb7f06aa1b29a757de7dbc30b52fe705c51a4f395d6cc25bfc7b78c15b6fc5c09ec05a2bbe8316bc79b87156304de5fe098040007d33a70143 From 3eb6ca82a81263ef74d400af8303c105a23676f6 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 28 Aug 2023 17:16:21 +0200 Subject: [PATCH 58/78] setools-4.4.3-2 - Use Qt 6 --- 0001-Use-the-The-New-Python-Enums.patch | 1895 +++++++++++++++++++++++ 0002-Use-PyQt6.patch | 1121 ++++++++++++++ setools.spec | 10 +- 3 files changed, 3023 insertions(+), 3 deletions(-) create mode 100644 0001-Use-the-The-New-Python-Enums.patch create mode 100644 0002-Use-PyQt6.patch diff --git a/0001-Use-the-The-New-Python-Enums.patch b/0001-Use-the-The-New-Python-Enums.patch new file mode 100644 index 0000000..8fead1e --- /dev/null +++ b/0001-Use-the-The-New-Python-Enums.patch @@ -0,0 +1,1895 @@ +From abe184f4899cdab53f5b5c69f00c2eec64176517 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Mon, 28 Aug 2023 19:07:06 +0200 +Subject: [PATCH] Use the The New Python Enums +Content-type: text/plain + +https://doc.qt.io/qtforpython-6/considerations.html#the-new-python-enums + +In PyQt5, it's possible to use members of enums in the same scope as +enums, e.g. Qt.red. This is not possible in PyQt6, but both PyQt5 and +PyQt6 support the new python enums - Qt.GlobalColor.red + +This change prepares the code for the future transition to PyQt6. + +Signed-off-by: Petr Lautrbach +--- + setoolsgui/apol/analysistab.py | 2 +- + setoolsgui/apol/boolquery.py | 8 +++---- + setoolsgui/apol/boundsquery.py | 6 +++--- + setoolsgui/apol/categoryquery.py | 8 +++---- + setoolsgui/apol/chooseanalysis.py | 2 +- + setoolsgui/apol/commonquery.py | 10 ++++----- + setoolsgui/apol/constraintquery.py | 10 ++++----- + setoolsgui/apol/defaultquery.py | 10 ++++----- + setoolsgui/apol/dta.py | 6 +++--- + setoolsgui/apol/excludetypes.py | 12 +++++------ + setoolsgui/apol/fsusequery.py | 6 +++--- + setoolsgui/apol/genfsconquery.py | 6 +++--- + setoolsgui/apol/ibendportconquery.py | 6 +++--- + setoolsgui/apol/ibpkeyconquery.py | 6 +++--- + setoolsgui/apol/infoflow.py | 8 +++---- + setoolsgui/apol/initsidquery.py | 6 +++--- + setoolsgui/apol/mainwindow.py | 32 ++++++++++++++-------------- + setoolsgui/apol/mlsrulequery.py | 8 +++---- + setoolsgui/apol/netifconquery.py | 6 +++--- + setoolsgui/apol/nodeconquery.py | 8 +++---- + setoolsgui/apol/objclassquery.py | 12 +++++------ + setoolsgui/apol/permmapedit.py | 12 +++++------ + setoolsgui/apol/portconquery.py | 8 +++---- + setoolsgui/apol/rbacrulequery.py | 8 +++---- + setoolsgui/apol/rolequery.py | 10 ++++----- + setoolsgui/apol/sensitivityquery.py | 8 +++---- + setoolsgui/apol/terulequery.py | 16 +++++++------- + setoolsgui/apol/typeattrquery.py | 10 ++++----- + setoolsgui/apol/typequery.py | 10 ++++----- + setoolsgui/apol/userquery.py | 10 ++++----- + setoolsgui/apol/workspace.py | 8 +++---- + setoolsgui/boolmodel.py | 4 ++-- + setoolsgui/boundsmodel.py | 4 ++-- + setoolsgui/commonmodel.py | 4 ++-- + setoolsgui/constraintmodel.py | 4 ++-- + setoolsgui/defaultmodel.py | 4 ++-- + setoolsgui/details.py | 6 +++--- + setoolsgui/fsusemodel.py | 4 ++-- + setoolsgui/genfsconmodel.py | 4 ++-- + setoolsgui/ibendportconmodel.py | 4 ++-- + setoolsgui/ibpkeyconmodel.py | 4 ++-- + setoolsgui/initsidmodel.py | 4 ++-- + setoolsgui/listview.py | 6 +++--- + setoolsgui/mlsmodel.py | 4 ++-- + setoolsgui/mlsrulemodel.py | 4 ++-- + setoolsgui/models.py | 12 +++++------ + setoolsgui/netifconmodel.py | 4 ++-- + setoolsgui/nodeconmodel.py | 4 ++-- + setoolsgui/objclassmodel.py | 4 ++-- + setoolsgui/portconmodel.py | 4 ++-- + setoolsgui/rbacrulemodel.py | 4 ++-- + setoolsgui/rolemodel.py | 4 ++-- + setoolsgui/tableview.py | 6 +++--- + setoolsgui/terulemodel.py | 4 ++-- + setoolsgui/typeattrmodel.py | 4 ++-- + setoolsgui/typemodel.py | 4 ++-- + setoolsgui/usermodel.py | 4 ++-- + 57 files changed, 198 insertions(+), 198 deletions(-) + +diff --git a/setoolsgui/apol/analysistab.py b/setoolsgui/apol/analysistab.py +index 1ed803419331..bc3629ff274a 100644 +--- a/setoolsgui/apol/analysistab.py ++++ b/setoolsgui/apol/analysistab.py +@@ -100,7 +100,7 @@ class AnalysisTab(SEToolsWidget, QScrollArea, metaclass=TabRegistry): + self._check_query() + + def _check_query(self): +- button = self.buttonBox.button(QDialogButtonBox.Apply) ++ button = self.buttonBox.button(QDialogButtonBox.StandardButton.Apply) + enabled = not self.errors + button.setEnabled(enabled) + button.setToolTip("Run the analysis." if enabled else "There are errors in the tab.") +diff --git a/setoolsgui/apol/boolquery.py b/setoolsgui/apol/boolquery.py +index 5b0cdd8b4322..6116fe48a846 100644 +--- a/setoolsgui/apol/boolquery.py ++++ b/setoolsgui/apol/boolquery.py +@@ -57,13 +57,13 @@ class BoolQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -105,7 +105,7 @@ class BoolQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.bools.selectedIndexes()[0] +- item = self.bool_model.data(index, Qt.UserRole) ++ item = self.bool_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + boolean_detail(self, item) +@@ -187,6 +187,6 @@ class BoolQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/boundsquery.py b/setoolsgui/apol/boundsquery.py +index 8944d1b7bf8a..5b90c2ee2ded 100644 +--- a/setoolsgui/apol/boundsquery.py ++++ b/setoolsgui/apol/boundsquery.py +@@ -52,13 +52,13 @@ class BoundsQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(1, Qt.AscendingOrder) ++ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.parent.palette() + self.error_palette = self.parent.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_parent_error() + self.clear_child_error() + +@@ -189,6 +189,6 @@ class BoundsQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/categoryquery.py b/setoolsgui/apol/categoryquery.py +index 884b4156d75a..598f163c335f 100644 +--- a/setoolsgui/apol/categoryquery.py ++++ b/setoolsgui/apol/categoryquery.py +@@ -57,13 +57,13 @@ class CategoryQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -105,7 +105,7 @@ class CategoryQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.cats.selectedIndexes()[0] +- item = self.category_model.data(index, Qt.UserRole) ++ item = self.category_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + category_detail(self, item) +@@ -186,6 +186,6 @@ class CategoryQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/chooseanalysis.py b/setoolsgui/apol/chooseanalysis.py +index 892abdaac5f9..155ae6d2f4ae 100644 +--- a/setoolsgui/apol/chooseanalysis.py ++++ b/setoolsgui/apol/chooseanalysis.py +@@ -52,7 +52,7 @@ class ChooseAnalysis(SEToolsWidget, QDialog): + groupitem.addChild(item) + + self.analysisTypes.expandAll() +- self.analysisTypes.sortByColumn(0, Qt.AscendingOrder) ++ self.analysisTypes.sortByColumn(0, Qt.SortOrder.AscendingOrder) + super(ChooseAnalysis, self).show() + + def accept(self, item=None): +diff --git a/setoolsgui/apol/commonquery.py b/setoolsgui/apol/commonquery.py +index e90ec543666b..8fb11e87290d 100644 +--- a/setoolsgui/apol/commonquery.py ++++ b/setoolsgui/apol/commonquery.py +@@ -65,13 +65,13 @@ class CommonQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -116,7 +116,7 @@ class CommonQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.commons.selectedIndexes()[0] +- item = self.common_model.data(index, Qt.UserRole) ++ item = self.common_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + common_detail(self, item) +@@ -146,7 +146,7 @@ class CommonQueryTab(AnalysisTab): + def set_perms(self): + selected_perms = [] + for index in self.perms.selectionModel().selectedIndexes(): +- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) ++ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.perms = selected_perms + +@@ -212,6 +212,6 @@ class CommonQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/constraintquery.py b/setoolsgui/apol/constraintquery.py +index cfa841b22cb5..ee64db0ca1df 100644 +--- a/setoolsgui/apol/constraintquery.py ++++ b/setoolsgui/apol/constraintquery.py +@@ -84,7 +84,7 @@ class ConstraintQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_user_error() + self.clear_type_error() + self.clear_role_error() +@@ -94,7 +94,7 @@ class ConstraintQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -173,7 +173,7 @@ class ConstraintQueryTab(AnalysisTab): + def set_tclass(self): + selected_classes = [] + for index in self.tclass.selectionModel().selectedIndexes(): +- selected_classes.append(self.class_model.data(index, Qt.UserRole)) ++ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.tclass = selected_classes + self.perms_model.set_classes(selected_classes) +@@ -187,7 +187,7 @@ class ConstraintQueryTab(AnalysisTab): + def set_perms(self): + selected_perms = [] + for index in self.perms.selectionModel().selectedIndexes(): +- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) ++ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.perms = selected_perms + +@@ -323,6 +323,6 @@ class ConstraintQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/defaultquery.py b/setoolsgui/apol/defaultquery.py +index 1efa3c468738..e09692ee6a46 100644 +--- a/setoolsgui/apol/defaultquery.py ++++ b/setoolsgui/apol/defaultquery.py +@@ -52,7 +52,7 @@ class DefaultQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(1, Qt.AscendingOrder) ++ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) + + # populate class list + self.class_model = SEToolsListModel(self) +@@ -124,7 +124,7 @@ class DefaultQueryTab(AnalysisTab): + def set_tclass(self): + selected_classes = [] + for index in self.tclass.selectionModel().selectedIndexes(): +- selected_classes.append(self.class_model.data(index, Qt.UserRole)) ++ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.tclass = selected_classes + +@@ -163,10 +163,10 @@ class DefaultQueryTab(AnalysisTab): + rule_types.append(mode.objectName()) + + self.query.ruletype = rule_types +- self.query.default = self.default_value.currentData(Qt.UserRole) ++ self.query.default = self.default_value.currentData(Qt.ItemDataRole.UserRole) + + if self.default_range_value.isEnabled(): +- self.query.default_range = self.default_range_value.currentData(Qt.UserRole) ++ self.query.default_range = self.default_range_value.currentData(Qt.ItemDataRole.UserRole) + else: + self.query.default_range = None + +@@ -193,6 +193,6 @@ class DefaultQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py +index a78d96095b28..8bbed4dbe21f 100644 +--- a/setoolsgui/apol/dta.py ++++ b/setoolsgui/apol/dta.py +@@ -62,7 +62,7 @@ class DomainTransitionAnalysisTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.source.palette() + self.error_palette = self.source.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_source_error() + self.clear_target_error() + +@@ -281,7 +281,7 @@ class DomainTransitionAnalysisTab(AnalysisTab): + + print_transition(self.browser_details.appendPlainText, current.rules) + +- self.browser_details.moveCursor(QTextCursor.Start) ++ self.browser_details.moveCursor(QTextCursor.MoveOperation.Start) + + if not current.child_populated: + self.busy.setLabelText("Gathering additional browser details for {0}...".format( +@@ -337,7 +337,7 @@ class DomainTransitionAnalysisTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + if self.flows_in.isChecked() or self.flows_out.isChecked(): + # move to browser tab for transitions in/out +diff --git a/setoolsgui/apol/excludetypes.py b/setoolsgui/apol/excludetypes.py +index bee73c58dc66..1c4beaf84542 100644 +--- a/setoolsgui/apol/excludetypes.py ++++ b/setoolsgui/apol/excludetypes.py +@@ -40,14 +40,14 @@ class ExcludeTypes(SEToolsWidget, QDialog): + if t not in self.initial_excluded_list] + self.included_sort = FilterByAttributeProxy(self) + self.included_sort.setSourceModel(self.included_model) +- self.included_sort.sort(0, Qt.AscendingOrder) ++ self.included_sort.sort(0, Qt.SortOrder.AscendingOrder) + self.included_types.setModel(self.included_sort) + + self.excluded_model = SEToolsListModel(self) + self.excluded_model.item_list = self.initial_excluded_list + self.excluded_sort = FilterByAttributeProxy(self) + self.excluded_sort.setSourceModel(self.excluded_model) +- self.excluded_sort.sort(0, Qt.AscendingOrder) ++ self.excluded_sort.sort(0, Qt.SortOrder.AscendingOrder) + self.excluded_types.setModel(self.excluded_sort) + + # connect signals +@@ -62,7 +62,7 @@ class ExcludeTypes(SEToolsWidget, QDialog): + selected_types = [] + for index in self.excluded_types.selectionModel().selectedIndexes(): + source_index = self.excluded_sort.mapToSource(index) +- item = self.excluded_model.data(source_index, Qt.UserRole) ++ item = self.excluded_model.data(source_index, Qt.ItemDataRole.UserRole) + self.included_model.append(item) + selected_types.append(item) + +@@ -81,7 +81,7 @@ class ExcludeTypes(SEToolsWidget, QDialog): + selected_types = [] + for index in self.included_types.selectionModel().selectedIndexes(): + source_index = self.included_sort.mapToSource(index) +- item = self.included_model.data(source_index, Qt.UserRole) ++ item = self.included_model.data(source_index, Qt.ItemDataRole.UserRole) + self.excluded_model.append(item) + selected_types.append(item) + +@@ -95,7 +95,7 @@ class ExcludeTypes(SEToolsWidget, QDialog): + + def set_attr_filter(self, row): + index = self.attr_model.index(row) +- attr = self.attr_model.data(index, Qt.UserRole) ++ attr = self.attr_model.data(index, Qt.ItemDataRole.UserRole) + self.log.debug("Attribute set to {0!r}".format(attr)) + self.included_sort.attr = attr + self.excluded_sort.attr = attr +@@ -126,7 +126,7 @@ class FilterByAttributeProxy(QSortFilterProxyModel): + if self.attr: + source = self.sourceModel() + index = source.index(row) +- item = source.data(index, Qt.UserRole) ++ item = source.data(index, Qt.ItemDataRole.UserRole) + if item not in self.attr: + return False + +diff --git a/setoolsgui/apol/fsusequery.py b/setoolsgui/apol/fsusequery.py +index 9bb192b30232..4e7567f4e4c6 100644 +--- a/setoolsgui/apol/fsusequery.py ++++ b/setoolsgui/apol/fsusequery.py +@@ -74,7 +74,7 @@ class FSUseQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_fs_error() + self.clear_user_error() + self.clear_type_error() +@@ -86,7 +86,7 @@ class FSUseQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(1, Qt.AscendingOrder) ++ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -312,6 +312,6 @@ class FSUseQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/genfsconquery.py b/setoolsgui/apol/genfsconquery.py +index 22112a8fb7bf..33dbed787cd6 100644 +--- a/setoolsgui/apol/genfsconquery.py ++++ b/setoolsgui/apol/genfsconquery.py +@@ -74,7 +74,7 @@ class GenfsconQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_fs_error() + self.clear_path_error() + self.clear_user_error() +@@ -87,7 +87,7 @@ class GenfsconQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -312,6 +312,6 @@ class GenfsconQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/ibendportconquery.py b/setoolsgui/apol/ibendportconquery.py +index 6db99c2b5e0f..18252dd23de0 100644 +--- a/setoolsgui/apol/ibendportconquery.py ++++ b/setoolsgui/apol/ibendportconquery.py +@@ -74,7 +74,7 @@ class IbendportconQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + self.clear_port_error() + self.clear_user_error() +@@ -87,7 +87,7 @@ class IbendportconQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -304,6 +304,6 @@ class IbendportconQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/ibpkeyconquery.py b/setoolsgui/apol/ibpkeyconquery.py +index 3efd342145f1..b7a78bf908a0 100644 +--- a/setoolsgui/apol/ibpkeyconquery.py ++++ b/setoolsgui/apol/ibpkeyconquery.py +@@ -74,7 +74,7 @@ class IbpkeyconQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_subnet_prefix_error() + self.clear_pkeys_error() + self.clear_user_error() +@@ -87,7 +87,7 @@ class IbpkeyconQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -317,6 +317,6 @@ class IbpkeyconQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py +index fb9b4099cfc0..526f3074e143 100644 +--- a/setoolsgui/apol/infoflow.py ++++ b/setoolsgui/apol/infoflow.py +@@ -75,7 +75,7 @@ class InfoFlowAnalysisTab(AnalysisTab): + + # set up error message for missing perm map + self.error_msg = QMessageBox(self) +- self.error_msg.setStandardButtons(QMessageBox.Ok) ++ self.error_msg.setStandardButtons(QMessageBox.StandardButton.Ok) + + # set up perm map editor + self.permmap_editor = PermissionMapEditor(self, False) +@@ -93,7 +93,7 @@ class InfoFlowAnalysisTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.source.palette() + self.error_palette = self.source.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_source_error() + self.clear_target_error() + +@@ -325,7 +325,7 @@ class InfoFlowAnalysisTab(AnalysisTab): + for rule in current.rules: + self.browser_details.appendPlainText(rule) + +- self.browser_details.moveCursor(QTextCursor.Start) ++ self.browser_details.moveCursor(QTextCursor.MoveOperation.Start) + + if not current.child_populated: + self.busy.setLabelText("Gathering additional browser details for {0}...".format( +@@ -390,7 +390,7 @@ class InfoFlowAnalysisTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + if self.flows_in.isChecked() or self.flows_out.isChecked(): + # move to browser tab for flows in/out +diff --git a/setoolsgui/apol/initsidquery.py b/setoolsgui/apol/initsidquery.py +index b31c9986b3a5..d01f87130925 100644 +--- a/setoolsgui/apol/initsidquery.py ++++ b/setoolsgui/apol/initsidquery.py +@@ -74,7 +74,7 @@ class InitialSIDQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + self.clear_user_error() + self.clear_type_error() +@@ -86,7 +86,7 @@ class InitialSIDQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -287,6 +287,6 @@ class InitialSIDQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/mainwindow.py b/setoolsgui/apol/mainwindow.py +index 3cdb11d3e32e..dcbfb7590ef7 100644 +--- a/setoolsgui/apol/mainwindow.py ++++ b/setoolsgui/apol/mainwindow.py +@@ -60,20 +60,20 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + + # set up error message dialog + self.error_msg = QMessageBox(self) +- self.error_msg.setStandardButtons(QMessageBox.Ok) ++ self.error_msg.setStandardButtons(QMessageBox.StandardButton.Ok) + + # set up permission map editor + self.permmap_editor = PermissionMapEditor(self, True) + + # set up tab name editor + self.tab_editor = QLineEdit(self.AnalysisTabs) +- self.tab_editor.setWindowFlags(Qt.Popup) ++ self.tab_editor.setWindowFlags(Qt.WindowType.Popup) + + # configure tab bar context menu + tabBar = self.AnalysisTabs.tabBar() + tabBar.addAction(self.rename_tab_action) + tabBar.addAction(self.close_tab_action) +- tabBar.setContextMenuPolicy(Qt.ActionsContextMenu) ++ tabBar.setContextMenuPolicy(Qt.ContextMenuPolicy.ActionsContextMenu) + + # capture INFO and higher Python messages from setools lib for status bar + handler = LogHandlerToSignal() +@@ -127,9 +127,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + reply = QMessageBox.question( + self, "Continue?", + "Loading a policy will close all existing analyses. Continue?", +- QMessageBox.Yes | QMessageBox.No) ++ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) + +- if reply == QMessageBox.No: ++ if reply == QMessageBox.StandardButton.No: + return + + filename = QFileDialog.getOpenFileName(self, "Open policy file", ".", +@@ -163,9 +163,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + reply = QMessageBox.question( + self, "Continue?", + "Closing a policy will close all existing analyses. Continue?", +- QMessageBox.Yes | QMessageBox.No) ++ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) + +- if reply == QMessageBox.No: ++ if reply == QMessageBox.StandardButton.No: + return + + self.AnalysisTabs.clear() +@@ -245,7 +245,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + counted_name = "{0}: {1}".format(self.tab_counter, tabtitle) + + newanalysis = tabclass(self, self._policy, self._permmap) +- newanalysis.setAttribute(Qt.WA_DeleteOnClose) ++ newanalysis.setAttribute(Qt.WidgetAttribute.WA_DeleteOnClose) + newanalysis.setObjectName(counted_name) + + index = self.AnalysisTabs.addTab(newanalysis, counted_name) +@@ -444,9 +444,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + reply = QMessageBox.question( + self, "Continue?", + "Loading a workspace will close all existing analyses. Continue?", +- QMessageBox.Yes | QMessageBox.No) ++ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) + +- if reply == QMessageBox.No: ++ if reply == QMessageBox.StandardButton.No: + return + + # 2. try to load the workspace file, if we fail, bail +@@ -633,7 +633,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + + def apol_help(self): + """Open the main help window.""" +- if self.help_process.state() != QProcess.NotRunning: ++ if self.help_process.state() != QProcess.ProcessState.NotRunning: + return + + distro = pkg_resources.get_distribution("setools") +@@ -648,7 +648,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + @pyqtSlot(QProcess.ProcessError) + def help_failed(self, error): + """Starting assistant failed.""" +- if error != QProcess.FailedToStart: ++ if error != QProcess.ProcessError.FailedToStart: + return + + self.log.error("Failed to start Qt assistant {}.".format(self.config.assistant)) +@@ -669,9 +669,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + "This is typically in the assistant or qt5-assistant package. " + "Choose location of Qt Assistant executable?".format( + self.config.assistant), +- QMessageBox.Yes | QMessageBox.No) ++ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) + +- if reply == QMessageBox.No: ++ if reply == QMessageBox.StandardButton.No: + return + + filename = QFileDialog.getOpenFileName(self, "Location of qt-assistant executable", +@@ -689,12 +689,12 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + @pyqtSlot(str) + def set_help(self, location): + """Set the help window to the specified document.""" +- if self.help_process.state() == QProcess.NotStarted: ++ if self.help_process.state() == QProcess.ProcessState.NotRunning: + self.apol_help() + if not self.help_process.waitForStarted(): + self.log.warning("Timed out waiting for Qt assistant to start.") + return +- elif self.help_process.state() == QProcess.Starting: ++ elif self.help_process.state() == QProcess.ProcessState.Starting: + if not self.help_process.waitForStarted(): + self.log.warning("Timed out waiting for Qt assistant to start.") + return +diff --git a/setoolsgui/apol/mlsrulequery.py b/setoolsgui/apol/mlsrulequery.py +index ba2be4597982..bb554ade6657 100644 +--- a/setoolsgui/apol/mlsrulequery.py ++++ b/setoolsgui/apol/mlsrulequery.py +@@ -61,7 +61,7 @@ class MLSRuleQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.source.palette() + self.error_palette = self.source.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_source_error() + self.clear_target_error() + self.clear_default_error() +@@ -76,7 +76,7 @@ class MLSRuleQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(1, Qt.AscendingOrder) ++ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -181,7 +181,7 @@ class MLSRuleQueryTab(AnalysisTab): + def set_tclass(self): + selected_classes = [] + for index in self.tclass.selectionModel().selectedIndexes(): +- selected_classes.append(self.class_model.data(index, Qt.UserRole)) ++ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.tclass = selected_classes + +@@ -264,6 +264,6 @@ class MLSRuleQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/netifconquery.py b/setoolsgui/apol/netifconquery.py +index ca2405f7cae6..4cf3de1a9f5c 100644 +--- a/setoolsgui/apol/netifconquery.py ++++ b/setoolsgui/apol/netifconquery.py +@@ -74,7 +74,7 @@ class NetifconQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + self.clear_user_error() + self.clear_type_error() +@@ -86,7 +86,7 @@ class NetifconQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -287,6 +287,6 @@ class NetifconQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/nodeconquery.py b/setoolsgui/apol/nodeconquery.py +index 320b0d616a67..81a33a794c05 100644 +--- a/setoolsgui/apol/nodeconquery.py ++++ b/setoolsgui/apol/nodeconquery.py +@@ -80,7 +80,7 @@ class NodeconQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_network_error() + self.clear_user_error() + self.clear_type_error() +@@ -92,7 +92,7 @@ class NodeconQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -263,7 +263,7 @@ class NodeconQueryTab(AnalysisTab): + def run(self, button): + # right now there is only one button. + self.query.network_overlap = self.network_overlap.isChecked() +- self.query.ip_version = self.ip_version.currentData(Qt.UserRole) ++ self.query.ip_version = self.ip_version.currentData(Qt.ItemDataRole.UserRole) + self.query.range_overlap = self.range_overlap.isChecked() + self.query.range_subset = self.range_subset.isChecked() + self.query.range_superset = self.range_superset.isChecked() +@@ -291,6 +291,6 @@ class NodeconQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/objclassquery.py b/setoolsgui/apol/objclassquery.py +index 9744a187ade7..23c8188e8bbd 100644 +--- a/setoolsgui/apol/objclassquery.py ++++ b/setoolsgui/apol/objclassquery.py +@@ -66,13 +66,13 @@ class ObjClassQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -117,7 +117,7 @@ class ObjClassQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.classes.selectedIndexes()[0] +- item = self.class_model.data(index, Qt.UserRole) ++ item = self.class_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + class_detail(self, item) +@@ -146,7 +146,7 @@ class ObjClassQueryTab(AnalysisTab): + # + def set_common(self): + for index in self.common.selectionModel().selectedIndexes(): +- self.query.common = self.common_model.data(index, Qt.UserRole) ++ self.query.common = self.common_model.data(index, Qt.ItemDataRole.UserRole) + break + else: + self.query.common = None +@@ -157,7 +157,7 @@ class ObjClassQueryTab(AnalysisTab): + def set_perms(self): + selected_perms = [] + for index in self.perms.selectionModel().selectedIndexes(): +- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) ++ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.perms = selected_perms + +@@ -224,6 +224,6 @@ class ObjClassQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/permmapedit.py b/setoolsgui/apol/permmapedit.py +index 97482b30e1a2..d1e0b01ce854 100644 +--- a/setoolsgui/apol/permmapedit.py ++++ b/setoolsgui/apol/permmapedit.py +@@ -86,7 +86,7 @@ class PermissionMapEditor(SEToolsWidget, QDialog): + def class_selected(self): + # the .ui is set to 1 selection + for index in self.classes.selectionModel().selectedIndexes(): +- class_name = self.class_model.data(index, Qt.DisplayRole) ++ class_name = self.class_model.data(index, Qt.ItemDataRole.DisplayRole) + + self.log.debug("Setting class to {0}".format(class_name)) + +@@ -99,15 +99,15 @@ class PermissionMapEditor(SEToolsWidget, QDialog): + for perm in sorted(self.perm_map.perms(class_name)): + # create permission mapping + mapping = PermissionMapping(self, perm, self.edit) +- mapping.setAttribute(Qt.WA_DeleteOnClose) ++ mapping.setAttribute(Qt.WidgetAttribute.WA_DeleteOnClose) + self.class_toggle.connect(mapping.enabled.setChecked) + self.perm_mappings.addWidget(mapping) + self.widgets.append(mapping) + + # add horizonal line + line = QFrame(self) +- line.setFrameShape(QFrame.HLine) +- line.setFrameShadow(QFrame.Sunken) ++ line.setFrameShape(QFrame.Shape.HLine) ++ line.setFrameShadow(QFrame.Shadow.Sunken) + self.perm_mappings.addWidget(line) + self.widgets.append(line) + +@@ -179,8 +179,8 @@ class PermissionMapping(SEToolsWidget, QWidget): + # setup color palettes for direction + self.orig_palette = self.direction.palette() + self.error_palette = self.direction.palette() +- self.error_palette.setColor(QPalette.Button, Qt.red) +- self.error_palette.setColor(QPalette.ButtonText, Qt.white) ++ self.error_palette.setColor(QPalette.ColorRole.Button, Qt.GlobalColor.red) ++ self.error_palette.setColor(QPalette.ColorRole.ButtonText, Qt.GlobalColor.white) + + # setup direction + self.direction.insertItems(0, index_to_word) +diff --git a/setoolsgui/apol/portconquery.py b/setoolsgui/apol/portconquery.py +index 50d054f867a5..de0a16567f1c 100644 +--- a/setoolsgui/apol/portconquery.py ++++ b/setoolsgui/apol/portconquery.py +@@ -75,7 +75,7 @@ class PortconQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.type_.palette() + self.error_palette = self.type_.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_ports_error() + self.clear_user_error() + self.clear_type_error() +@@ -92,7 +92,7 @@ class PortconQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -280,7 +280,7 @@ class PortconQueryTab(AnalysisTab): + self.query.ports_overlap = self.ports_overlap.isChecked() + self.query.ports_subset = self.ports_subset.isChecked() + self.query.ports_superset = self.ports_superset.isChecked() +- self.query.protocol = self.protocol.currentData(Qt.UserRole) ++ self.query.protocol = self.protocol.currentData(Qt.ItemDataRole.UserRole) + self.query.range_overlap = self.range_overlap.isChecked() + self.query.range_subset = self.range_subset.isChecked() + self.query.range_superset = self.range_superset.isChecked() +@@ -308,6 +308,6 @@ class PortconQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/rbacrulequery.py b/setoolsgui/apol/rbacrulequery.py +index 0ce4bb9ad6c6..4749d324d858 100644 +--- a/setoolsgui/apol/rbacrulequery.py ++++ b/setoolsgui/apol/rbacrulequery.py +@@ -71,7 +71,7 @@ class RBACRuleQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.source.palette() + self.error_palette = self.source.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_source_error() + self.clear_target_error() + self.clear_default_error() +@@ -86,7 +86,7 @@ class RBACRuleQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -194,7 +194,7 @@ class RBACRuleQueryTab(AnalysisTab): + def set_tclass(self): + selected_classes = [] + for index in self.tclass.selectionModel().selectedIndexes(): +- selected_classes.append(self.class_model.data(index, Qt.UserRole)) ++ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.tclass = selected_classes + +@@ -292,6 +292,6 @@ class RBACRuleQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/rolequery.py b/setoolsgui/apol/rolequery.py +index 29983a5961ee..e75614d9a992 100644 +--- a/setoolsgui/apol/rolequery.py ++++ b/setoolsgui/apol/rolequery.py +@@ -62,13 +62,13 @@ class RoleQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -112,7 +112,7 @@ class RoleQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.roles.selectedIndexes()[0] +- item = self.role_model.data(index, Qt.UserRole) ++ item = self.role_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + role_detail(self, item) +@@ -142,7 +142,7 @@ class RoleQueryTab(AnalysisTab): + def set_types(self): + selected_types = [] + for index in self.types.selectionModel().selectedIndexes(): +- selected_types.append(self.type_model.data(index, Qt.UserRole)) ++ selected_types.append(self.type_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.types = selected_types + +@@ -209,6 +209,6 @@ class RoleQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/sensitivityquery.py b/setoolsgui/apol/sensitivityquery.py +index d5bcbec53fda..c8a27891ae97 100644 +--- a/setoolsgui/apol/sensitivityquery.py ++++ b/setoolsgui/apol/sensitivityquery.py +@@ -57,13 +57,13 @@ class SensitivityQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -105,7 +105,7 @@ class SensitivityQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.sens.selectedIndexes()[0] +- item = self.sensitivity_model.data(index, Qt.UserRole) ++ item = self.sensitivity_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + sensitivity_detail(self, item) +@@ -186,6 +186,6 @@ class SensitivityQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/terulequery.py b/setoolsgui/apol/terulequery.py +index 3064710550f5..7c99469edc87 100644 +--- a/setoolsgui/apol/terulequery.py ++++ b/setoolsgui/apol/terulequery.py +@@ -69,7 +69,7 @@ class TERuleQueryTab(AnalysisTab): + self.errors = set() + self.orig_palette = self.source.palette() + self.error_palette = self.source.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_source_error() + self.clear_target_error() + self.clear_default_error() +@@ -94,7 +94,7 @@ class TERuleQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # set up processing thread + self.thread = QThread() +@@ -221,7 +221,7 @@ class TERuleQueryTab(AnalysisTab): + def set_tclass(self): + selected_classes = [] + for index in self.tclass.selectionModel().selectedIndexes(): +- selected_classes.append(self.class_model.data(index, Qt.UserRole)) ++ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.tclass = selected_classes + self.perms_model.set_classes(selected_classes) +@@ -236,7 +236,7 @@ class TERuleQueryTab(AnalysisTab): + def set_perms(self): + selected_perms = [] + for index in self.perms.selectionModel().selectedIndexes(): +- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) ++ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.perms = selected_perms + +@@ -302,7 +302,7 @@ class TERuleQueryTab(AnalysisTab): + def set_bools(self): + selected_bools = [] + for index in self.bool_criteria.selectionModel().selectedIndexes(): +- selected_bools.append(self.bool_model.data(index, Qt.UserRole)) ++ selected_bools.append(self.bool_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.boolean = selected_bools + +@@ -407,9 +407,9 @@ class TERuleQueryTab(AnalysisTab): + reply = QMessageBox.question( + self, "Continue?", + "This is a broad query, estimated to return {0} results. Continue?". +- format(max_results), QMessageBox.Yes | QMessageBox.No) ++ format(max_results), QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) + +- if reply == QMessageBox.No: ++ if reply == QMessageBox.StandardButton.No: + return + + # start processing +@@ -440,6 +440,6 @@ class TERuleQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/typeattrquery.py b/setoolsgui/apol/typeattrquery.py +index 14a4141d922a..67a087a7e3f0 100644 +--- a/setoolsgui/apol/typeattrquery.py ++++ b/setoolsgui/apol/typeattrquery.py +@@ -62,13 +62,13 @@ class TypeAttributeQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -112,7 +112,7 @@ class TypeAttributeQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.attrs.selectedIndexes()[0] +- item = self.attr_model.data(index, Qt.UserRole) ++ item = self.attr_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + typeattr_detail(self, item) +@@ -142,7 +142,7 @@ class TypeAttributeQueryTab(AnalysisTab): + def set_types(self): + selected_types = [] + for index in self.types.selectionModel().selectedIndexes(): +- selected_types.append(self.type_model.data(index, Qt.UserRole)) ++ selected_types.append(self.type_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.types = selected_types + +@@ -209,6 +209,6 @@ class TypeAttributeQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/typequery.py b/setoolsgui/apol/typequery.py +index 2e261ccd52db..a22e3547cd16 100644 +--- a/setoolsgui/apol/typequery.py ++++ b/setoolsgui/apol/typequery.py +@@ -62,13 +62,13 @@ class TypeQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + # set up processing thread +@@ -112,7 +112,7 @@ class TypeQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.types.selectedIndexes()[0] +- item = self.type_model.data(index, Qt.UserRole) ++ item = self.type_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + type_detail(self, item) +@@ -142,7 +142,7 @@ class TypeQueryTab(AnalysisTab): + def set_attrs(self): + selected_attrs = [] + for index in self.attrs.selectionModel().selectedIndexes(): +- selected_attrs.append(self.attr_model.data(index, Qt.UserRole)) ++ selected_attrs.append(self.attr_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.attrs = selected_attrs + +@@ -213,6 +213,6 @@ class TypeQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/userquery.py b/setoolsgui/apol/userquery.py +index c325888db8ec..19ffb03c2975 100644 +--- a/setoolsgui/apol/userquery.py ++++ b/setoolsgui/apol/userquery.py +@@ -62,13 +62,13 @@ class UserQueryTab(AnalysisTab): + self.sort_proxy = QSortFilterProxyModel(self) + self.sort_proxy.setSourceModel(self.table_results_model) + self.table_results.setModel(self.sort_proxy) +- self.table_results.sortByColumn(0, Qt.AscendingOrder) ++ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) + + # setup indications of errors on level/range + self.errors = set() + self.orig_palette = self.name.palette() + self.error_palette = self.name.palette() +- self.error_palette.setColor(QPalette.Base, Qt.red) ++ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) + self.clear_name_error() + + if self.policy.mls: +@@ -135,7 +135,7 @@ class UserQueryTab(AnalysisTab): + def get_detail(self): + # .ui is set for single item selection. + index = self.users.selectedIndexes()[0] +- item = self.user_model.data(index, Qt.UserRole) ++ item = self.user_model.data(index, Qt.ItemDataRole.UserRole) + + self.log.debug("Generating detail window for {0}".format(item)) + user_detail(self, item) +@@ -165,7 +165,7 @@ class UserQueryTab(AnalysisTab): + def set_roles(self): + selected_roles = [] + for index in self.roles.selectionModel().selectedIndexes(): +- selected_roles.append(self.role_model.data(index, Qt.UserRole)) ++ selected_roles.append(self.role_model.data(index, Qt.ItemDataRole.UserRole)) + + self.query.roles = selected_roles + +@@ -262,6 +262,6 @@ class UserQueryTab(AnalysisTab): + if not self.busy.wasCanceled(): + self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") + self.busy.repaint() +- self.raw_results.moveCursor(QTextCursor.Start) ++ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) + + self.busy.reset() +diff --git a/setoolsgui/apol/workspace.py b/setoolsgui/apol/workspace.py +index 0f8ec82cdaea..2b4229224b85 100644 +--- a/setoolsgui/apol/workspace.py ++++ b/setoolsgui/apol/workspace.py +@@ -141,7 +141,7 @@ def save_listviews(tab, settings, listviews): + + selections = [] + for index in listview.selectedIndexes(): +- item = datamodel.data(index, Qt.DisplayRole) ++ item = datamodel.data(index, Qt.ItemDataRole.DisplayRole) + selections.append(item) + + settings[entry] = selections +@@ -181,10 +181,10 @@ def load_listviews(tab, settings, listviews): + + for row in range(datamodel.rowCount()): + index = datamodel.createIndex(row, 0) +- item = datamodel.data(index, Qt.DisplayRole) ++ item = datamodel.data(index, Qt.ItemDataRole.DisplayRole) + + if item in selections: +- selectionmodel.select(index, QItemSelectionModel.Select) ++ selectionmodel.select(index, QItemSelectionModel.SelectionFlag.Select) + + + def save_comboboxes(tab, settings, comboboxes): +@@ -199,7 +199,7 @@ def save_comboboxes(tab, settings, comboboxes): + + for entry in comboboxes: + combobox = getattr(tab, entry) +- settings[entry] = combobox.currentData(Qt.DisplayRole) ++ settings[entry] = combobox.currentData(Qt.ItemDataRole.DisplayRole) + + + def load_comboboxes(tab, settings, comboboxes): +diff --git a/setoolsgui/boolmodel.py b/setoolsgui/boolmodel.py +index 0d698c92f51b..c331fdd5057d 100644 +--- a/setoolsgui/boolmodel.py ++++ b/setoolsgui/boolmodel.py +@@ -38,12 +38,12 @@ class BooleanTableModel(SEToolsTableModel): + col = index.column() + boolean = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return boolean.name + elif col == 1: + return str(boolean.state) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + # get the whole rule for boolean boolean + return boolean +diff --git a/setoolsgui/boundsmodel.py b/setoolsgui/boundsmodel.py +index c84f612a3b3a..c7ed1e7c227f 100644 +--- a/setoolsgui/boundsmodel.py ++++ b/setoolsgui/boundsmodel.py +@@ -20,7 +20,7 @@ class BoundsTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.ruletype.name + elif col == 1: +@@ -28,5 +28,5 @@ class BoundsTableModel(SEToolsTableModel): + elif col == 2: + return item.child.name + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item +diff --git a/setoolsgui/commonmodel.py b/setoolsgui/commonmodel.py +index a6f6fed53840..2ceb57f4f0a3 100644 +--- a/setoolsgui/commonmodel.py ++++ b/setoolsgui/commonmodel.py +@@ -42,11 +42,11 @@ class CommonTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.name + elif col == 1: + return ", ".join(sorted(item.perms)) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item +diff --git a/setoolsgui/constraintmodel.py b/setoolsgui/constraintmodel.py +index 122dff0b5139..d295f28f208b 100644 +--- a/setoolsgui/constraintmodel.py ++++ b/setoolsgui/constraintmodel.py +@@ -21,7 +21,7 @@ class ConstraintTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.ruletype.name + elif col == 1: +@@ -34,5 +34,5 @@ class ConstraintTableModel(SEToolsTableModel): + elif col == 3: + return str(rule.expression) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/defaultmodel.py b/setoolsgui/defaultmodel.py +index b9a6a58ebfea..3a699c49ce8c 100644 +--- a/setoolsgui/defaultmodel.py ++++ b/setoolsgui/defaultmodel.py +@@ -22,7 +22,7 @@ class DefaultTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.ruletype.name + elif col == 1: +@@ -33,5 +33,5 @@ class DefaultTableModel(SEToolsTableModel): + with suppress(AttributeError): + return item.default_range.name + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item +diff --git a/setoolsgui/details.py b/setoolsgui/details.py +index 4eb70066cfdb..8d4882cd6a1e 100644 +--- a/setoolsgui/details.py ++++ b/setoolsgui/details.py +@@ -37,15 +37,15 @@ class DetailsPopup(SEToolsWidget, QDialog): + self.setWindowTitle(text) + + def append(self, text): +- self.contents.setFontWeight(QFont.Normal) ++ self.contents.setFontWeight(QFont.Weight.Normal) + self.contents.setFontPointSize(9) + self.contents.append(text) + + def append_header(self, text): +- self.contents.setFontWeight(QFont.Black) ++ self.contents.setFontWeight(QFont.Weight.Black) + self.contents.setFontPointSize(11) + self.contents.append(text) + + def show(self): +- self.contents.moveCursor(QTextCursor.Start) ++ self.contents.moveCursor(QTextCursor.MoveOperation.Start) + super(DetailsPopup, self).show() +diff --git a/setoolsgui/fsusemodel.py b/setoolsgui/fsusemodel.py +index 2b3a3f402af9..bc100784c490 100644 +--- a/setoolsgui/fsusemodel.py ++++ b/setoolsgui/fsusemodel.py +@@ -20,7 +20,7 @@ class FSUseTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.ruletype.name + elif col == 1: +@@ -28,5 +28,5 @@ class FSUseTableModel(SEToolsTableModel): + elif col == 2: + return str(rule.context) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/genfsconmodel.py b/setoolsgui/genfsconmodel.py +index 6fc46408865c..1e50d929446a 100644 +--- a/setoolsgui/genfsconmodel.py ++++ b/setoolsgui/genfsconmodel.py +@@ -32,7 +32,7 @@ class GenfsconTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.fs + elif col == 1: +@@ -42,5 +42,5 @@ class GenfsconTableModel(SEToolsTableModel): + elif col == 3: + return str(rule.context) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/ibendportconmodel.py b/setoolsgui/ibendportconmodel.py +index 199932d39415..37b7a8d74948 100644 +--- a/setoolsgui/ibendportconmodel.py ++++ b/setoolsgui/ibendportconmodel.py +@@ -20,7 +20,7 @@ class IbendportconTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.name + elif col == 1: +@@ -28,5 +28,5 @@ class IbendportconTableModel(SEToolsTableModel): + elif col == 2: + return str(rule.context) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/ibpkeyconmodel.py b/setoolsgui/ibpkeyconmodel.py +index f3cd95205d51..160425504521 100644 +--- a/setoolsgui/ibpkeyconmodel.py ++++ b/setoolsgui/ibpkeyconmodel.py +@@ -20,7 +20,7 @@ class IbpkeyconTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return str(rule.subnet_prefix) + elif col == 1: +@@ -32,5 +32,5 @@ class IbpkeyconTableModel(SEToolsTableModel): + elif col == 2: + return str(rule.context) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/initsidmodel.py b/setoolsgui/initsidmodel.py +index 1155a50fccb9..9ffb408024fd 100644 +--- a/setoolsgui/initsidmodel.py ++++ b/setoolsgui/initsidmodel.py +@@ -20,11 +20,11 @@ class InitialSIDTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.name + elif col == 1: + return str(rule.context) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/listview.py b/setoolsgui/listview.py +index a4beda50b9f6..e803975c52c6 100644 +--- a/setoolsgui/listview.py ++++ b/setoolsgui/listview.py +@@ -34,14 +34,14 @@ class SEToolsListView(QListView): + + for row in range(model.rowCount()): + index = model.createIndex(row, 0) +- selection_model.select(index, QItemSelectionModel.Toggle) ++ selection_model.select(index, QItemSelectionModel.SelectionFlag.Toggle) + +- def selection(self, qt_role=Qt.UserRole): ++ def selection(self, qt_role=Qt.ItemDataRole.UserRole): + """ + Generator which returns the selection. + + Parameter: +- qt_role The Qt model role. Default is Qt.UserRole. ++ qt_role The Qt model role. Default is Qt.ItemDataRole.UserRole. + + Yield: tuple(row, data) + row The row number of the selection. +diff --git a/setoolsgui/mlsmodel.py b/setoolsgui/mlsmodel.py +index 8dfb28066d34..147378ef585a 100644 +--- a/setoolsgui/mlsmodel.py ++++ b/setoolsgui/mlsmodel.py +@@ -63,11 +63,11 @@ class MLSComponentTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.name + elif col == 1: + return ", ".join(sorted(a for a in item.aliases())) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item +diff --git a/setoolsgui/mlsrulemodel.py b/setoolsgui/mlsrulemodel.py +index 4fa4f186a6cf..54ad4c216c72 100644 +--- a/setoolsgui/mlsrulemodel.py ++++ b/setoolsgui/mlsrulemodel.py +@@ -20,7 +20,7 @@ class MLSRuleTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.ruletype.name + elif col == 1: +@@ -32,5 +32,5 @@ class MLSRuleTableModel(SEToolsTableModel): + elif col == 4: + return str(rule.default) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/models.py b/setoolsgui/models.py +index fc7bf3df9ccf..dd864e932fbc 100644 +--- a/setoolsgui/models.py ++++ b/setoolsgui/models.py +@@ -19,7 +19,7 @@ def invert_list_selection(selection_model): + rowcount = model.rowCount() + for row in range(rowcount): + index = model.createIndex(row, 0) +- selection_model.select(index, QItemSelectionModel.Toggle) ++ selection_model.select(index, QItemSelectionModel.SelectionFlag.Toggle) + + + class SEToolsListModel(QAbstractListModel): +@@ -27,8 +27,8 @@ class SEToolsListModel(QAbstractListModel): + """ + The purpose of this model is to have the + objects return their string representations +- for Qt.DisplayRole and return the object +- for Qt.UserRole. ++ for Qt.ItemDataRole.DisplayRole and return the object ++ for Qt.ItemDataRole.UserRole. + + Some Python list-like functions are provided + for altering the model: append and remove +@@ -81,9 +81,9 @@ class SEToolsListModel(QAbstractListModel): + row = index.row() + item = self.item_list[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + return str(item) +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item + + +@@ -133,7 +133,7 @@ class SEToolsTableModel(QAbstractTableModel): + self.resultlist = [] + + def headerData(self, section, orientation, role): +- if role == Qt.DisplayRole and orientation == Qt.Horizontal: ++ if role == Qt.ItemDataRole.DisplayRole and orientation == Qt.Orientation.Horizontal: + return self.headers[section] + + def rowCount(self, parent=QModelIndex()): +diff --git a/setoolsgui/netifconmodel.py b/setoolsgui/netifconmodel.py +index 3d2e4b8b6ee1..54659203e7e5 100644 +--- a/setoolsgui/netifconmodel.py ++++ b/setoolsgui/netifconmodel.py +@@ -20,7 +20,7 @@ class NetifconTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.netif + elif col == 1: +@@ -28,5 +28,5 @@ class NetifconTableModel(SEToolsTableModel): + elif col == 2: + return str(rule.packet) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/nodeconmodel.py b/setoolsgui/nodeconmodel.py +index ec4d66e9a026..f8055fca194d 100644 +--- a/setoolsgui/nodeconmodel.py ++++ b/setoolsgui/nodeconmodel.py +@@ -20,11 +20,11 @@ class NodeconTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return str(rule.network.with_netmask) + elif col == 1: + return str(rule.context) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/objclassmodel.py b/setoolsgui/objclassmodel.py +index 9823b73b30ee..ff1641f8cc3e 100644 +--- a/setoolsgui/objclassmodel.py ++++ b/setoolsgui/objclassmodel.py +@@ -58,7 +58,7 @@ class ObjClassTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.name + elif col == 1: +@@ -69,5 +69,5 @@ class ObjClassTableModel(SEToolsTableModel): + + return ", ".join(sorted(chain(com_perms, item.perms))) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item +diff --git a/setoolsgui/portconmodel.py b/setoolsgui/portconmodel.py +index 39d2c72e4625..1c3de4494af9 100644 +--- a/setoolsgui/portconmodel.py ++++ b/setoolsgui/portconmodel.py +@@ -20,7 +20,7 @@ class PortconTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + low, high = rule.ports + if low == high: +@@ -32,5 +32,5 @@ class PortconTableModel(SEToolsTableModel): + elif col == 2: + return str(rule.context) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/rbacrulemodel.py b/setoolsgui/rbacrulemodel.py +index d8df9409ed56..84d2ff09e4fc 100644 +--- a/setoolsgui/rbacrulemodel.py ++++ b/setoolsgui/rbacrulemodel.py +@@ -21,7 +21,7 @@ class RBACRuleTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.ruletype.name + elif col == 1: +@@ -41,5 +41,5 @@ class RBACRuleTableModel(SEToolsTableModel): + except RuleUseError: + return None + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/rolemodel.py b/setoolsgui/rolemodel.py +index 004f4e7614ba..2dd7fe64d37e 100644 +--- a/setoolsgui/rolemodel.py ++++ b/setoolsgui/rolemodel.py +@@ -47,11 +47,11 @@ class RoleTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.name + elif col == 1: + return ", ".join(sorted(t.name for t in item.types())) +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + # get the whole object + return item +diff --git a/setoolsgui/tableview.py b/setoolsgui/tableview.py +index 9726cb053466..9ba49aa50fa3 100644 +--- a/setoolsgui/tableview.py ++++ b/setoolsgui/tableview.py +@@ -45,7 +45,7 @@ class SEToolsTableView(QTableView): + elif prev_col is not None and current_col != prev_col: + selected_text.append('\t') + +- selected_text.append(datamodel.data(index, Qt.DisplayRole)) ++ selected_text.append(datamodel.data(index, Qt.ItemDataRole.DisplayRole)) + + prev_row = current_row + prev_col = current_col +@@ -76,7 +76,7 @@ class SEToolsTableView(QTableView): + # write headers + csv_row = [] + for col in range(col_count): +- csv_row.append(datamodel.headerData(col, Qt.Horizontal, Qt.DisplayRole)) ++ csv_row.append(datamodel.headerData(col, Qt.Orientation.Horizontal, Qt.ItemDataRole.DisplayRole)) + + writer.writerow(csv_row) + +@@ -86,6 +86,6 @@ class SEToolsTableView(QTableView): + + for col in range(col_count): + index = datamodel.index(row, col) +- csv_row.append(datamodel.data(index, Qt.DisplayRole)) ++ csv_row.append(datamodel.data(index, Qt.ItemDataRole.DisplayRole)) + + writer.writerow(csv_row) +diff --git a/setoolsgui/terulemodel.py b/setoolsgui/terulemodel.py +index 4d51ac8e9b25..53b61a06d152 100644 +--- a/setoolsgui/terulemodel.py ++++ b/setoolsgui/terulemodel.py +@@ -22,7 +22,7 @@ class TERuleTableModel(SEToolsTableModel): + col = index.column() + rule = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return rule.ruletype.name + elif col == 1: +@@ -50,5 +50,5 @@ class TERuleTableModel(SEToolsTableModel): + except RuleNotConditional: + return None + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return rule +diff --git a/setoolsgui/typeattrmodel.py b/setoolsgui/typeattrmodel.py +index 1a752fcd82f0..0b7c7ffe65a5 100644 +--- a/setoolsgui/typeattrmodel.py ++++ b/setoolsgui/typeattrmodel.py +@@ -44,11 +44,11 @@ class TypeAttributeTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.name + elif col == 1: + return ", ".join(sorted(t.name for t in item.expand())) + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item +diff --git a/setoolsgui/typemodel.py b/setoolsgui/typemodel.py +index 841cc42a52d3..037996b96a8c 100644 +--- a/setoolsgui/typemodel.py ++++ b/setoolsgui/typemodel.py +@@ -50,7 +50,7 @@ class TypeTableModel(SEToolsTableModel): + col = index.column() + item = self.resultlist[row] + +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + if col == 0: + return item.name + elif col == 1: +@@ -60,5 +60,5 @@ class TypeTableModel(SEToolsTableModel): + elif col == 3 and item.ispermissive: + return "Permissive" + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return item +diff --git a/setoolsgui/usermodel.py b/setoolsgui/usermodel.py +index d0a4b0ed1a63..d5aca7bc11a0 100644 +--- a/setoolsgui/usermodel.py ++++ b/setoolsgui/usermodel.py +@@ -56,7 +56,7 @@ class UserTableModel(SEToolsTableModel): + + def data(self, index, role): + if self.resultlist and index.isValid(): +- if role == Qt.DisplayRole: ++ if role == Qt.ItemDataRole.DisplayRole: + row = index.row() + col = index.column() + user = self.resultlist[row] +@@ -76,5 +76,5 @@ class UserTableModel(SEToolsTableModel): + except MLSDisabled: + return None + +- elif role == Qt.UserRole: ++ elif role == Qt.ItemDataRole.UserRole: + return user +-- +2.41.0 + diff --git a/0002-Use-PyQt6.patch b/0002-Use-PyQt6.patch new file mode 100644 index 0000000..8b0285c --- /dev/null +++ b/0002-Use-PyQt6.patch @@ -0,0 +1,1121 @@ +From a9a062004e9974e06880e57ddb2c9699de2696f0 Mon Sep 17 00:00:00 2001 +From: Petr Lautrbach +Date: Mon, 4 Sep 2023 16:12:59 +0200 +Subject: [PATCH] Use PyQt6 +Content-type: text/plain + +Signed-off-by: Petr Lautrbach +--- + .mypy.ini | 2 +- + README.md | 6 +++--- + apol | 4 ++-- + setoolsgui/apol/analysistab.py | 4 ++-- + setoolsgui/apol/boolquery.py | 6 +++--- + setoolsgui/apol/boundsquery.py | 6 +++--- + setoolsgui/apol/categoryquery.py | 6 +++--- + setoolsgui/apol/chooseanalysis.py | 4 ++-- + setoolsgui/apol/commonquery.py | 6 +++--- + setoolsgui/apol/constraintquery.py | 6 +++--- + setoolsgui/apol/defaultquery.py | 6 +++--- + setoolsgui/apol/dta.py | 6 +++--- + setoolsgui/apol/excludetypes.py | 4 ++-- + setoolsgui/apol/fsusequery.py | 6 +++--- + setoolsgui/apol/genfsconquery.py | 6 +++--- + setoolsgui/apol/ibendportconquery.py | 6 +++--- + setoolsgui/apol/ibpkeyconquery.py | 6 +++--- + setoolsgui/apol/infoflow.py | 6 +++--- + setoolsgui/apol/initsidquery.py | 6 +++--- + setoolsgui/apol/mainwindow.py | 8 ++++---- + setoolsgui/apol/mlsrulequery.py | 6 +++--- + setoolsgui/apol/netifconquery.py | 6 +++--- + setoolsgui/apol/nodeconquery.py | 6 +++--- + setoolsgui/apol/objclassquery.py | 6 +++--- + setoolsgui/apol/permmapedit.py | 6 +++--- + setoolsgui/apol/portconquery.py | 6 +++--- + setoolsgui/apol/queryupdater.py | 2 +- + setoolsgui/apol/rbacrulequery.py | 6 +++--- + setoolsgui/apol/rolequery.py | 6 +++--- + setoolsgui/apol/sensitivityquery.py | 6 +++--- + setoolsgui/apol/summary.py | 6 +++--- + setoolsgui/apol/terulequery.py | 6 +++--- + setoolsgui/apol/typeattrquery.py | 6 +++--- + setoolsgui/apol/typequery.py | 6 +++--- + setoolsgui/apol/userquery.py | 6 +++--- + setoolsgui/apol/workspace.py | 2 +- + setoolsgui/boolmodel.py | 4 ++-- + setoolsgui/boundsmodel.py | 2 +- + setoolsgui/commonmodel.py | 4 ++-- + setoolsgui/constraintmodel.py | 2 +- + setoolsgui/defaultmodel.py | 2 +- + setoolsgui/details.py | 4 ++-- + setoolsgui/fsusemodel.py | 2 +- + setoolsgui/genfsconmodel.py | 2 +- + setoolsgui/getdetailslist.py | 4 ++-- + setoolsgui/ibendportconmodel.py | 2 +- + setoolsgui/ibpkeyconmodel.py | 2 +- + setoolsgui/initsidmodel.py | 2 +- + setoolsgui/listview.py | 6 +++--- + setoolsgui/logtosignal.py | 2 +- + setoolsgui/mlsmodel.py | 4 ++-- + setoolsgui/mlsrulemodel.py | 2 +- + setoolsgui/models.py | 2 +- + setoolsgui/netifconmodel.py | 2 +- + setoolsgui/nodeconmodel.py | 2 +- + setoolsgui/objclassmodel.py | 4 ++-- + setoolsgui/portconmodel.py | 2 +- + setoolsgui/rbacrulemodel.py | 2 +- + setoolsgui/rolemodel.py | 4 ++-- + setoolsgui/tableview.py | 6 +++--- + setoolsgui/terulemodel.py | 2 +- + setoolsgui/treeview.py | 6 +++--- + setoolsgui/typeattrmodel.py | 4 ++-- + setoolsgui/typemodel.py | 4 ++-- + setoolsgui/usermodel.py | 2 +- + setoolsgui/widget.py | 2 +- + 66 files changed, 144 insertions(+), 144 deletions(-) + +diff --git a/.mypy.ini b/.mypy.ini +index b45560b7d8d0..7d3aef848b4a 100644 +--- a/.mypy.ini ++++ b/.mypy.ini +@@ -9,7 +9,7 @@ ignore_missing_imports = True + [mypy-networkx.*] + ignore_missing_imports = True + +-[mypy-PyQt5.*] ++[mypy-PyQt6.*] + ignore_missing_imports = True + + [mypy-sip] +diff --git a/README.md b/README.md +index b5a05c9376c3..d291e0d5693d 100644 +--- a/README.md ++++ b/README.md +@@ -20,8 +20,8 @@ To run SETools command line tools, the following packages are required: + * libsepol 3.2+ + + To run SETools graphical tools, the following packages are also required: +-* PyQt5 +-* qt5-assistant ++* PyQt6 ++* qt6-assistant + * qt-devel (only if rebuilding the help file) + + To build SETools, the following development packages are required, in +@@ -73,7 +73,7 @@ the tools can be ran from the current directory (e.g. ```./seinfo```). + ### Rebuilding the Apol Help File + + For convenience, a prebuilt copy of the apol help data file is included. +-To rebuild this file, the Qt5 development tools are required ++To rebuild this file, the Qt6 development tools are required + (particularly, the ```qcollectiongenerator``` tool). At the root + of the SETools sources, perform the following: + ``` +diff --git a/apol b/apol +index 400832199eae..f32b29bf8c5c 100755 +--- a/apol ++++ b/apol +@@ -8,7 +8,7 @@ import sys + import argparse + import logging + +-from PyQt5.QtWidgets import QApplication ++from PyQt6.QtWidgets import QApplication + import setools + import setoolsgui + +@@ -42,7 +42,7 @@ logging.getLogger().addHandler(console_handler) + try: + app = QApplication(sys.argv) + mainwindow = setoolsgui.ApolMainWindow(args.policy) +- sys.exit(app.exec_()) ++ sys.exit(app.exec()) + + except Exception as err: + if args.debug: +diff --git a/setoolsgui/apol/analysistab.py b/setoolsgui/apol/analysistab.py +index bc3629ff274a..13f89db32277 100644 +--- a/setoolsgui/apol/analysistab.py ++++ b/setoolsgui/apol/analysistab.py +@@ -6,8 +6,8 @@ + from typing import Dict, NamedTuple + from enum import Enum + +-import sip +-from PyQt5.QtWidgets import QDialogButtonBox, QScrollArea ++import PyQt6.sip as sip ++from PyQt6.QtWidgets import QDialogButtonBox, QScrollArea + + from ..widget import SEToolsWidget + +diff --git a/setoolsgui/apol/boolquery.py b/setoolsgui/apol/boolquery.py +index 6116fe48a846..d7bf529fa267 100644 +--- a/setoolsgui/apol/boolquery.py ++++ b/setoolsgui/apol/boolquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import BoolQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/boundsquery.py b/setoolsgui/apol/boundsquery.py +index 5b90c2ee2ded..5c53803dbb7a 100644 +--- a/setoolsgui/apol/boundsquery.py ++++ b/setoolsgui/apol/boundsquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import BoundsQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/categoryquery.py b/setoolsgui/apol/categoryquery.py +index 598f163c335f..7df35566f672 100644 +--- a/setoolsgui/apol/categoryquery.py ++++ b/setoolsgui/apol/categoryquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import CategoryQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/chooseanalysis.py b/setoolsgui/apol/chooseanalysis.py +index 155ae6d2f4ae..d7d192a94c2a 100644 +--- a/setoolsgui/apol/chooseanalysis.py ++++ b/setoolsgui/apol/chooseanalysis.py +@@ -5,8 +5,8 @@ + # + from collections import defaultdict + +-from PyQt5.QtCore import Qt +-from PyQt5.QtWidgets import QDialog, QTreeWidgetItem ++from PyQt6.QtCore import Qt ++from PyQt6.QtWidgets import QDialog, QTreeWidgetItem + + from ..widget import SEToolsWidget + from .analysistab import AnalysisSection, AnalysisTab, TAB_REGISTRY +diff --git a/setoolsgui/apol/commonquery.py b/setoolsgui/apol/commonquery.py +index 8fb11e87290d..1c73a42aff4b 100644 +--- a/setoolsgui/apol/commonquery.py ++++ b/setoolsgui/apol/commonquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import CommonQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/constraintquery.py b/setoolsgui/apol/constraintquery.py +index ee64db0ca1df..efda65f4c55e 100644 +--- a/setoolsgui/apol/constraintquery.py ++++ b/setoolsgui/apol/constraintquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import ConstraintQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/defaultquery.py b/setoolsgui/apol/defaultquery.py +index e09692ee6a46..cad78d03e8a8 100644 +--- a/setoolsgui/apol/defaultquery.py ++++ b/setoolsgui/apol/defaultquery.py +@@ -8,9 +8,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import DefaultQuery, DefaultValue, DefaultRangeValue + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py +index 8bbed4dbe21f..bdbe6f448150 100644 +--- a/setoolsgui/apol/dta.py ++++ b/setoolsgui/apol/dta.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ ++from PyQt6.QtCore import pyqtSignal, Qt, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ + QTreeWidgetItem + from setools import DomainTransitionAnalysis + +diff --git a/setoolsgui/apol/excludetypes.py b/setoolsgui/apol/excludetypes.py +index 1c4beaf84542..a764597cc1cd 100644 +--- a/setoolsgui/apol/excludetypes.py ++++ b/setoolsgui/apol/excludetypes.py +@@ -7,8 +7,8 @@ + import logging + import copy + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel +-from PyQt5.QtWidgets import QDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel ++from PyQt6.QtWidgets import QDialog + + from ..models import SEToolsListModel + from ..widget import SEToolsWidget +diff --git a/setoolsgui/apol/fsusequery.py b/setoolsgui/apol/fsusequery.py +index 4e7567f4e4c6..e0b77af58ef0 100644 +--- a/setoolsgui/apol/fsusequery.py ++++ b/setoolsgui/apol/fsusequery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import FSUseQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/genfsconquery.py b/setoolsgui/apol/genfsconquery.py +index 33dbed787cd6..5294e9042857 100644 +--- a/setoolsgui/apol/genfsconquery.py ++++ b/setoolsgui/apol/genfsconquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import GenfsconQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/ibendportconquery.py b/setoolsgui/apol/ibendportconquery.py +index 18252dd23de0..e688773eac5a 100644 +--- a/setoolsgui/apol/ibendportconquery.py ++++ b/setoolsgui/apol/ibendportconquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QProgressDialog + from setools import IbendportconQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/ibpkeyconquery.py b/setoolsgui/apol/ibpkeyconquery.py +index b7a78bf908a0..27be270f6602 100644 +--- a/setoolsgui/apol/ibpkeyconquery.py ++++ b/setoolsgui/apol/ibpkeyconquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QProgressDialog + from setools import IbpkeyconQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py +index 526f3074e143..a57c232ccc3e 100644 +--- a/setoolsgui/apol/infoflow.py ++++ b/setoolsgui/apol/infoflow.py +@@ -9,9 +9,9 @@ import copy + from collections import defaultdict + from contextlib import suppress + +-from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ ++from PyQt6.QtCore import pyqtSignal, Qt, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ + QTreeWidgetItem + from setools import InfoFlowAnalysis + from setools.exception import UnmappedClass, UnmappedPermission +diff --git a/setoolsgui/apol/initsidquery.py b/setoolsgui/apol/initsidquery.py +index d01f87130925..f84e4c2260a9 100644 +--- a/setoolsgui/apol/initsidquery.py ++++ b/setoolsgui/apol/initsidquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import InitialSIDQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/mainwindow.py b/setoolsgui/apol/mainwindow.py +index dcbfb7590ef7..7dc3cd852820 100644 +--- a/setoolsgui/apol/mainwindow.py ++++ b/setoolsgui/apol/mainwindow.py +@@ -11,8 +11,8 @@ import json + from contextlib import suppress + + import pkg_resources +-from PyQt5.QtCore import pyqtSlot, Qt, QProcess +-from PyQt5.QtWidgets import QApplication, QFileDialog, QLineEdit, QMainWindow, QMessageBox ++from PyQt6.QtCore import pyqtSlot, Qt, QProcess ++from PyQt6.QtWidgets import QApplication, QFileDialog, QLineEdit, QMainWindow, QMessageBox + from setools import __version__, PermissionMap, SELinuxPolicy + + from ..widget import SEToolsWidget +@@ -26,7 +26,7 @@ from .summary import SummaryTab + + + BIN_SEARCH_PATHS = ("/usr/local/bin:/usr/bin:/bin") +-POSSIBLE_ASSISTANT = ("assistant", "assistant-qt5") ++POSSIBLE_ASSISTANT = ("assistant", "assistant-qt6") + + + class ApolMainWindow(SEToolsWidget, QMainWindow): +@@ -666,7 +666,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): + reply = QMessageBox.question( + self, "Qt Assistant Package Installed?", + "Failed to start QT Assistant program {}. " +- "This is typically in the assistant or qt5-assistant package. " ++ "This is typically in the assistant or qt6-assistant package. " + "Choose location of Qt Assistant executable?".format( + self.config.assistant), + QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) +diff --git a/setoolsgui/apol/mlsrulequery.py b/setoolsgui/apol/mlsrulequery.py +index bb554ade6657..ec0a20955ed8 100644 +--- a/setoolsgui/apol/mlsrulequery.py ++++ b/setoolsgui/apol/mlsrulequery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import MLSRuleQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/netifconquery.py b/setoolsgui/apol/netifconquery.py +index 4cf3de1a9f5c..3c828edb26c6 100644 +--- a/setoolsgui/apol/netifconquery.py ++++ b/setoolsgui/apol/netifconquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import NetifconQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/nodeconquery.py b/setoolsgui/apol/nodeconquery.py +index 81a33a794c05..dddfa069b9ad 100644 +--- a/setoolsgui/apol/nodeconquery.py ++++ b/setoolsgui/apol/nodeconquery.py +@@ -8,9 +8,9 @@ import sys + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import NodeconQuery, NodeconIPVersion + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/objclassquery.py b/setoolsgui/apol/objclassquery.py +index 23c8188e8bbd..4f0355dd3176 100644 +--- a/setoolsgui/apol/objclassquery.py ++++ b/setoolsgui/apol/objclassquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import ObjClassQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/permmapedit.py b/setoolsgui/apol/permmapedit.py +index d1e0b01ce854..ee01917a7bc5 100644 +--- a/setoolsgui/apol/permmapedit.py ++++ b/setoolsgui/apol/permmapedit.py +@@ -6,9 +6,9 @@ + import logging + import copy + +-from PyQt5.QtCore import pyqtSignal, pyqtSlot, Qt +-from PyQt5.QtGui import QPalette +-from PyQt5.QtWidgets import QDialog, QFrame, QWidget ++from PyQt6.QtCore import pyqtSignal, pyqtSlot, Qt ++from PyQt6.QtGui import QPalette ++from PyQt6.QtWidgets import QDialog, QFrame, QWidget + + from ..models import SEToolsListModel + from ..widget import SEToolsWidget +diff --git a/setoolsgui/apol/portconquery.py b/setoolsgui/apol/portconquery.py +index de0a16567f1c..2afdd16e9f9c 100644 +--- a/setoolsgui/apol/portconquery.py ++++ b/setoolsgui/apol/portconquery.py +@@ -8,9 +8,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import PortconQuery, PortconProtocol + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/queryupdater.py b/setoolsgui/apol/queryupdater.py +index 9b6c155caa0a..07dc21a7d83d 100644 +--- a/setoolsgui/apol/queryupdater.py ++++ b/setoolsgui/apol/queryupdater.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import pyqtSignal, QObject, QThread ++from PyQt6.QtCore import pyqtSignal, QObject, QThread + + + class QueryResultsUpdater(QObject): +diff --git a/setoolsgui/apol/rbacrulequery.py b/setoolsgui/apol/rbacrulequery.py +index 4749d324d858..505a1858d015 100644 +--- a/setoolsgui/apol/rbacrulequery.py ++++ b/setoolsgui/apol/rbacrulequery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import RBACRuleQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/rolequery.py b/setoolsgui/apol/rolequery.py +index e75614d9a992..bd1a02a1d614 100644 +--- a/setoolsgui/apol/rolequery.py ++++ b/setoolsgui/apol/rolequery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import RoleQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/sensitivityquery.py b/setoolsgui/apol/sensitivityquery.py +index c8a27891ae97..aac7e2971b6d 100644 +--- a/setoolsgui/apol/sensitivityquery.py ++++ b/setoolsgui/apol/sensitivityquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import SensitivityQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/summary.py b/setoolsgui/apol/summary.py +index 1aeb2b303bd6..32b6c5fcfbe5 100644 +--- a/setoolsgui/apol/summary.py ++++ b/setoolsgui/apol/summary.py +@@ -7,9 +7,9 @@ + + import logging + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import MLSRuleQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/terulequery.py b/setoolsgui/apol/terulequery.py +index 7c99469edc87..4aba54cc59d0 100644 +--- a/setoolsgui/apol/terulequery.py ++++ b/setoolsgui/apol/terulequery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import TERuleQuery, xperm_str_to_tuple_ranges + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/typeattrquery.py b/setoolsgui/apol/typeattrquery.py +index 67a087a7e3f0..f76de94e93d7 100644 +--- a/setoolsgui/apol/typeattrquery.py ++++ b/setoolsgui/apol/typeattrquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import TypeAttributeQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/typequery.py b/setoolsgui/apol/typequery.py +index a22e3547cd16..4859364576e4 100644 +--- a/setoolsgui/apol/typequery.py ++++ b/setoolsgui/apol/typequery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import TypeQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/userquery.py b/setoolsgui/apol/userquery.py +index 19ffb03c2975..6200ddcb8398 100644 +--- a/setoolsgui/apol/userquery.py ++++ b/setoolsgui/apol/userquery.py +@@ -7,9 +7,9 @@ + import logging + from contextlib import suppress + +-from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread +-from PyQt5.QtGui import QPalette, QTextCursor +-from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog ++from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread ++from PyQt6.QtGui import QPalette, QTextCursor ++from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog + from setools import UserQuery + + from ..logtosignal import LogHandlerToSignal +diff --git a/setoolsgui/apol/workspace.py b/setoolsgui/apol/workspace.py +index 2b4229224b85..8db9d1478d4d 100644 +--- a/setoolsgui/apol/workspace.py ++++ b/setoolsgui/apol/workspace.py +@@ -9,7 +9,7 @@ import logging + import setools + + +-from PyQt5.QtCore import Qt, QItemSelectionModel ++from PyQt6.QtCore import Qt, QItemSelectionModel + + + def save_checkboxes(tab, settings, checkboxes): +diff --git a/setoolsgui/boolmodel.py b/setoolsgui/boolmodel.py +index c331fdd5057d..a1a733987258 100644 +--- a/setoolsgui/boolmodel.py ++++ b/setoolsgui/boolmodel.py +@@ -3,8 +3,8 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QPalette, QTextCursor ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QPalette, QTextCursor + + from .details import DetailsPopup + from .models import SEToolsTableModel +diff --git a/setoolsgui/boundsmodel.py b/setoolsgui/boundsmodel.py +index c7ed1e7c227f..fdc1462b0a9b 100644 +--- a/setoolsgui/boundsmodel.py ++++ b/setoolsgui/boundsmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/commonmodel.py b/setoolsgui/commonmodel.py +index 2ceb57f4f0a3..a5c656deac15 100644 +--- a/setoolsgui/commonmodel.py ++++ b/setoolsgui/commonmodel.py +@@ -3,8 +3,8 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QPalette, QTextCursor ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QPalette, QTextCursor + + from setools.exception import NoCommon + +diff --git a/setoolsgui/constraintmodel.py b/setoolsgui/constraintmodel.py +index d295f28f208b..2ae8dc5ba025 100644 +--- a/setoolsgui/constraintmodel.py ++++ b/setoolsgui/constraintmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + from setools.exception import ConstraintUseError + + from .models import SEToolsTableModel +diff --git a/setoolsgui/defaultmodel.py b/setoolsgui/defaultmodel.py +index 3a699c49ce8c..fe29b3f3179b 100644 +--- a/setoolsgui/defaultmodel.py ++++ b/setoolsgui/defaultmodel.py +@@ -5,7 +5,7 @@ + # + from contextlib import suppress + +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/details.py b/setoolsgui/details.py +index 8d4882cd6a1e..1cbf6c05590c 100644 +--- a/setoolsgui/details.py ++++ b/setoolsgui/details.py +@@ -5,8 +5,8 @@ + # + import logging + +-from PyQt5.QtGui import QFont, QTextCursor +-from PyQt5.QtWidgets import QDialog ++from PyQt6.QtGui import QFont, QTextCursor ++from PyQt6.QtWidgets import QDialog + + from .widget import SEToolsWidget + +diff --git a/setoolsgui/fsusemodel.py b/setoolsgui/fsusemodel.py +index bc100784c490..327a8653d1b2 100644 +--- a/setoolsgui/fsusemodel.py ++++ b/setoolsgui/fsusemodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/genfsconmodel.py b/setoolsgui/genfsconmodel.py +index 1e50d929446a..b3429c81d536 100644 +--- a/setoolsgui/genfsconmodel.py ++++ b/setoolsgui/genfsconmodel.py +@@ -5,7 +5,7 @@ + # + import stat + +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/getdetailslist.py b/setoolsgui/getdetailslist.py +index df7149dda0f2..e4e39194456c 100644 +--- a/setoolsgui/getdetailslist.py ++++ b/setoolsgui/getdetailslist.py +@@ -3,8 +3,8 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtGui import QCursor +-from PyQt5.QtWidgets import QAction, QListView, QMenu ++from PyQt6.QtGui import QCursor, QAction ++from PyQt6.QtWidgets import QListView, QMenu + + + class GetDetailsListView(QListView): +diff --git a/setoolsgui/ibendportconmodel.py b/setoolsgui/ibendportconmodel.py +index 37b7a8d74948..49780736b90f 100644 +--- a/setoolsgui/ibendportconmodel.py ++++ b/setoolsgui/ibendportconmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/ibpkeyconmodel.py b/setoolsgui/ibpkeyconmodel.py +index 160425504521..1a339b90110b 100644 +--- a/setoolsgui/ibpkeyconmodel.py ++++ b/setoolsgui/ibpkeyconmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/initsidmodel.py b/setoolsgui/initsidmodel.py +index 9ffb408024fd..04e8a34f931e 100644 +--- a/setoolsgui/initsidmodel.py ++++ b/setoolsgui/initsidmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/listview.py b/setoolsgui/listview.py +index e803975c52c6..ff42bf0f8c57 100644 +--- a/setoolsgui/listview.py ++++ b/setoolsgui/listview.py +@@ -6,9 +6,9 @@ + import logging + from collections import defaultdict + +-from PyQt5.QtCore import Qt, QItemSelectionModel +-from PyQt5.QtGui import QKeySequence +-from PyQt5.QtWidgets import QAbstractItemView, QListView ++from PyQt6.QtCore import Qt, QItemSelectionModel ++from PyQt6.QtGui import QKeySequence ++from PyQt6.QtWidgets import QAbstractItemView, QListView + + + class SEToolsListView(QListView): +diff --git a/setoolsgui/logtosignal.py b/setoolsgui/logtosignal.py +index 7678f0992ce6..5bfab937ecc6 100644 +--- a/setoolsgui/logtosignal.py ++++ b/setoolsgui/logtosignal.py +@@ -5,7 +5,7 @@ + # + + from logging import Formatter, Handler, INFO +-from PyQt5.QtCore import pyqtSignal, QObject ++from PyQt6.QtCore import pyqtSignal, QObject + + + class LogHandlerToSignal(Handler, QObject): +diff --git a/setoolsgui/mlsmodel.py b/setoolsgui/mlsmodel.py +index 147378ef585a..a0bfb3709d57 100644 +--- a/setoolsgui/mlsmodel.py ++++ b/setoolsgui/mlsmodel.py +@@ -3,8 +3,8 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QPalette, QTextCursor ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QPalette, QTextCursor + + from .details import DetailsPopup + from .models import SEToolsTableModel +diff --git a/setoolsgui/mlsrulemodel.py b/setoolsgui/mlsrulemodel.py +index 54ad4c216c72..349900ef36d2 100644 +--- a/setoolsgui/mlsrulemodel.py ++++ b/setoolsgui/mlsrulemodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/models.py b/setoolsgui/models.py +index dd864e932fbc..0a19c9b26f1e 100644 +--- a/setoolsgui/models.py ++++ b/setoolsgui/models.py +@@ -7,7 +7,7 @@ import logging + from contextlib import suppress + from typing import List + +-from PyQt5.QtCore import QAbstractListModel, QItemSelectionModel, QAbstractTableModel, \ ++from PyQt6.QtCore import QAbstractListModel, QItemSelectionModel, QAbstractTableModel, \ + QModelIndex, QStringListModel, Qt + from setools.exception import NoCommon + +diff --git a/setoolsgui/netifconmodel.py b/setoolsgui/netifconmodel.py +index 54659203e7e5..d9aa87bd0dea 100644 +--- a/setoolsgui/netifconmodel.py ++++ b/setoolsgui/netifconmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/nodeconmodel.py b/setoolsgui/nodeconmodel.py +index f8055fca194d..9bbb426a71aa 100644 +--- a/setoolsgui/nodeconmodel.py ++++ b/setoolsgui/nodeconmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/objclassmodel.py b/setoolsgui/objclassmodel.py +index ff1641f8cc3e..d67d45c12fd4 100644 +--- a/setoolsgui/objclassmodel.py ++++ b/setoolsgui/objclassmodel.py +@@ -5,8 +5,8 @@ + # + from itertools import chain + +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QPalette, QTextCursor ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QPalette, QTextCursor + + from setools.exception import NoCommon + +diff --git a/setoolsgui/portconmodel.py b/setoolsgui/portconmodel.py +index 1c3de4494af9..5eb3b9327d19 100644 +--- a/setoolsgui/portconmodel.py ++++ b/setoolsgui/portconmodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + + from .models import SEToolsTableModel + +diff --git a/setoolsgui/rbacrulemodel.py b/setoolsgui/rbacrulemodel.py +index 84d2ff09e4fc..c97cf36b0a3a 100644 +--- a/setoolsgui/rbacrulemodel.py ++++ b/setoolsgui/rbacrulemodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + from setools.exception import RuleUseError + + from .models import SEToolsTableModel +diff --git a/setoolsgui/rolemodel.py b/setoolsgui/rolemodel.py +index 2dd7fe64d37e..dc4852225bdb 100644 +--- a/setoolsgui/rolemodel.py ++++ b/setoolsgui/rolemodel.py +@@ -3,8 +3,8 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QPalette, QTextCursor ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QPalette, QTextCursor + + from setools.exception import MLSDisabled + +diff --git a/setoolsgui/tableview.py b/setoolsgui/tableview.py +index 9ba49aa50fa3..71174008f85d 100644 +--- a/setoolsgui/tableview.py ++++ b/setoolsgui/tableview.py +@@ -5,9 +5,9 @@ + # + import csv + +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QKeySequence, QCursor +-from PyQt5.QtWidgets import QAction, QApplication, QFileDialog, QMenu, QTableView ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QAction, QKeySequence, QCursor ++from PyQt6.QtWidgets import QApplication, QFileDialog, QMenu, QTableView + + + class SEToolsTableView(QTableView): +diff --git a/setoolsgui/terulemodel.py b/setoolsgui/terulemodel.py +index 53b61a06d152..ac1b32d76ec4 100644 +--- a/setoolsgui/terulemodel.py ++++ b/setoolsgui/terulemodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt ++from PyQt6.QtCore import Qt + from setools.exception import RuleNotConditional, RuleUseError + + from .models import SEToolsTableModel +diff --git a/setoolsgui/treeview.py b/setoolsgui/treeview.py +index a8f6fb4caef5..bf6d63d2b92b 100644 +--- a/setoolsgui/treeview.py ++++ b/setoolsgui/treeview.py +@@ -3,9 +3,9 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt, QModelIndex +-from PyQt5.QtGui import QKeySequence, QCursor +-from PyQt5.QtWidgets import QAction, QApplication, QFileDialog, QMenu, QTreeWidget, \ ++from PyQt6.QtCore import Qt, QModelIndex ++from PyQt6.QtGui import QAction, QKeySequence, QCursor ++from PyQt6.QtWidgets import QApplication, QFileDialog, QMenu, QTreeWidget, \ + QTreeWidgetItemIterator + + +diff --git a/setoolsgui/typeattrmodel.py b/setoolsgui/typeattrmodel.py +index 0b7c7ffe65a5..ede73228e16a 100644 +--- a/setoolsgui/typeattrmodel.py ++++ b/setoolsgui/typeattrmodel.py +@@ -3,8 +3,8 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QPalette, QTextCursor ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QPalette, QTextCursor + + from setools.exception import MLSDisabled + +diff --git a/setoolsgui/typemodel.py b/setoolsgui/typemodel.py +index 037996b96a8c..f25737169762 100644 +--- a/setoolsgui/typemodel.py ++++ b/setoolsgui/typemodel.py +@@ -3,8 +3,8 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt +-from PyQt5.QtGui import QPalette, QTextCursor ++from PyQt6.QtCore import Qt ++from PyQt6.QtGui import QPalette, QTextCursor + + from setools.exception import MLSDisabled + +diff --git a/setoolsgui/usermodel.py b/setoolsgui/usermodel.py +index d5aca7bc11a0..4edb393a9d0e 100644 +--- a/setoolsgui/usermodel.py ++++ b/setoolsgui/usermodel.py +@@ -3,7 +3,7 @@ + # SPDX-License-Identifier: LGPL-2.1-only + # + # +-from PyQt5.QtCore import Qt, QModelIndex ++from PyQt6.QtCore import Qt, QModelIndex + from setools.exception import MLSDisabled + + from .details import DetailsPopup +diff --git a/setoolsgui/widget.py b/setoolsgui/widget.py +index e236623cef96..b2866139564c 100644 +--- a/setoolsgui/widget.py ++++ b/setoolsgui/widget.py +@@ -7,7 +7,7 @@ import sys + from errno import ENOENT + + import pkg_resources +-from PyQt5.uic import loadUi ++from PyQt6.uic import loadUi + + + # Stylesheet that adds a frame around QGroupBoxes +-- +2.41.0 + diff --git a/setools.spec b/setools.spec index 420188c..86a6ee5 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.3 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -11,12 +11,13 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop +Patch1: 0001-Use-the-The-New-Python-Enums.patch +Patch2: 0002-Use-PyQt6.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git-core BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} -BuildRequires: qt5-qtbase-devel BuildRequires: swig BuildRequires: python3-Cython BuildRequires: python3-devel @@ -81,7 +82,7 @@ Python 3 modules designed to facilitate SELinux policy analysis. Summary: Policy analysis graphical tools for SELinux License: GPL-2.0-only Requires: python3-setools = %{version}-%{release} -Requires: python3-qt5 +Requires: python3-pyqt6 python3-pyqt6-sip Requires: python3-networkx %description gui @@ -144,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Aug 28 2023 Petr Lautrbach - 4.4.3-2 +- Use Qt 6 + * Wed Aug 9 2023 Petr Lautrbach - 4.4.3-1 - SETools 4.4.3 release From 65fa161f6f272a0042f08f904df25eb760870d2d Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 11 Dec 2023 15:56:42 +0100 Subject: [PATCH 59/78] SETools 4.4.4 release --- .gitignore | 1 + 0002-Use-PyQt6.patch => 0001-Use-PyQt6.patch | 0 0001-Use-the-The-New-Python-Enums.patch | 1895 ------------------ setools.spec | 14 +- sources | 2 +- 5 files changed, 10 insertions(+), 1902 deletions(-) rename 0002-Use-PyQt6.patch => 0001-Use-PyQt6.patch (100%) delete mode 100644 0001-Use-the-The-New-Python-Enums.patch diff --git a/.gitignore b/.gitignore index 26db9fc..a5afd44 100644 --- a/.gitignore +++ b/.gitignore @@ -15,3 +15,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.4.1.tar.gz /4.4.2.tar.gz /4.4.3.tar.gz +/4.4.4.tar.gz diff --git a/0002-Use-PyQt6.patch b/0001-Use-PyQt6.patch similarity index 100% rename from 0002-Use-PyQt6.patch rename to 0001-Use-PyQt6.patch diff --git a/0001-Use-the-The-New-Python-Enums.patch b/0001-Use-the-The-New-Python-Enums.patch deleted file mode 100644 index 8fead1e..0000000 --- a/0001-Use-the-The-New-Python-Enums.patch +++ /dev/null @@ -1,1895 +0,0 @@ -From abe184f4899cdab53f5b5c69f00c2eec64176517 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 28 Aug 2023 19:07:06 +0200 -Subject: [PATCH] Use the The New Python Enums -Content-type: text/plain - -https://doc.qt.io/qtforpython-6/considerations.html#the-new-python-enums - -In PyQt5, it's possible to use members of enums in the same scope as -enums, e.g. Qt.red. This is not possible in PyQt6, but both PyQt5 and -PyQt6 support the new python enums - Qt.GlobalColor.red - -This change prepares the code for the future transition to PyQt6. - -Signed-off-by: Petr Lautrbach ---- - setoolsgui/apol/analysistab.py | 2 +- - setoolsgui/apol/boolquery.py | 8 +++---- - setoolsgui/apol/boundsquery.py | 6 +++--- - setoolsgui/apol/categoryquery.py | 8 +++---- - setoolsgui/apol/chooseanalysis.py | 2 +- - setoolsgui/apol/commonquery.py | 10 ++++----- - setoolsgui/apol/constraintquery.py | 10 ++++----- - setoolsgui/apol/defaultquery.py | 10 ++++----- - setoolsgui/apol/dta.py | 6 +++--- - setoolsgui/apol/excludetypes.py | 12 +++++------ - setoolsgui/apol/fsusequery.py | 6 +++--- - setoolsgui/apol/genfsconquery.py | 6 +++--- - setoolsgui/apol/ibendportconquery.py | 6 +++--- - setoolsgui/apol/ibpkeyconquery.py | 6 +++--- - setoolsgui/apol/infoflow.py | 8 +++---- - setoolsgui/apol/initsidquery.py | 6 +++--- - setoolsgui/apol/mainwindow.py | 32 ++++++++++++++-------------- - setoolsgui/apol/mlsrulequery.py | 8 +++---- - setoolsgui/apol/netifconquery.py | 6 +++--- - setoolsgui/apol/nodeconquery.py | 8 +++---- - setoolsgui/apol/objclassquery.py | 12 +++++------ - setoolsgui/apol/permmapedit.py | 12 +++++------ - setoolsgui/apol/portconquery.py | 8 +++---- - setoolsgui/apol/rbacrulequery.py | 8 +++---- - setoolsgui/apol/rolequery.py | 10 ++++----- - setoolsgui/apol/sensitivityquery.py | 8 +++---- - setoolsgui/apol/terulequery.py | 16 +++++++------- - setoolsgui/apol/typeattrquery.py | 10 ++++----- - setoolsgui/apol/typequery.py | 10 ++++----- - setoolsgui/apol/userquery.py | 10 ++++----- - setoolsgui/apol/workspace.py | 8 +++---- - setoolsgui/boolmodel.py | 4 ++-- - setoolsgui/boundsmodel.py | 4 ++-- - setoolsgui/commonmodel.py | 4 ++-- - setoolsgui/constraintmodel.py | 4 ++-- - setoolsgui/defaultmodel.py | 4 ++-- - setoolsgui/details.py | 6 +++--- - setoolsgui/fsusemodel.py | 4 ++-- - setoolsgui/genfsconmodel.py | 4 ++-- - setoolsgui/ibendportconmodel.py | 4 ++-- - setoolsgui/ibpkeyconmodel.py | 4 ++-- - setoolsgui/initsidmodel.py | 4 ++-- - setoolsgui/listview.py | 6 +++--- - setoolsgui/mlsmodel.py | 4 ++-- - setoolsgui/mlsrulemodel.py | 4 ++-- - setoolsgui/models.py | 12 +++++------ - setoolsgui/netifconmodel.py | 4 ++-- - setoolsgui/nodeconmodel.py | 4 ++-- - setoolsgui/objclassmodel.py | 4 ++-- - setoolsgui/portconmodel.py | 4 ++-- - setoolsgui/rbacrulemodel.py | 4 ++-- - setoolsgui/rolemodel.py | 4 ++-- - setoolsgui/tableview.py | 6 +++--- - setoolsgui/terulemodel.py | 4 ++-- - setoolsgui/typeattrmodel.py | 4 ++-- - setoolsgui/typemodel.py | 4 ++-- - setoolsgui/usermodel.py | 4 ++-- - 57 files changed, 198 insertions(+), 198 deletions(-) - -diff --git a/setoolsgui/apol/analysistab.py b/setoolsgui/apol/analysistab.py -index 1ed803419331..bc3629ff274a 100644 ---- a/setoolsgui/apol/analysistab.py -+++ b/setoolsgui/apol/analysistab.py -@@ -100,7 +100,7 @@ class AnalysisTab(SEToolsWidget, QScrollArea, metaclass=TabRegistry): - self._check_query() - - def _check_query(self): -- button = self.buttonBox.button(QDialogButtonBox.Apply) -+ button = self.buttonBox.button(QDialogButtonBox.StandardButton.Apply) - enabled = not self.errors - button.setEnabled(enabled) - button.setToolTip("Run the analysis." if enabled else "There are errors in the tab.") -diff --git a/setoolsgui/apol/boolquery.py b/setoolsgui/apol/boolquery.py -index 5b0cdd8b4322..6116fe48a846 100644 ---- a/setoolsgui/apol/boolquery.py -+++ b/setoolsgui/apol/boolquery.py -@@ -57,13 +57,13 @@ class BoolQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -105,7 +105,7 @@ class BoolQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.bools.selectedIndexes()[0] -- item = self.bool_model.data(index, Qt.UserRole) -+ item = self.bool_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - boolean_detail(self, item) -@@ -187,6 +187,6 @@ class BoolQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/boundsquery.py b/setoolsgui/apol/boundsquery.py -index 8944d1b7bf8a..5b90c2ee2ded 100644 ---- a/setoolsgui/apol/boundsquery.py -+++ b/setoolsgui/apol/boundsquery.py -@@ -52,13 +52,13 @@ class BoundsQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(1, Qt.AscendingOrder) -+ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.parent.palette() - self.error_palette = self.parent.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_parent_error() - self.clear_child_error() - -@@ -189,6 +189,6 @@ class BoundsQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/categoryquery.py b/setoolsgui/apol/categoryquery.py -index 884b4156d75a..598f163c335f 100644 ---- a/setoolsgui/apol/categoryquery.py -+++ b/setoolsgui/apol/categoryquery.py -@@ -57,13 +57,13 @@ class CategoryQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -105,7 +105,7 @@ class CategoryQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.cats.selectedIndexes()[0] -- item = self.category_model.data(index, Qt.UserRole) -+ item = self.category_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - category_detail(self, item) -@@ -186,6 +186,6 @@ class CategoryQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/chooseanalysis.py b/setoolsgui/apol/chooseanalysis.py -index 892abdaac5f9..155ae6d2f4ae 100644 ---- a/setoolsgui/apol/chooseanalysis.py -+++ b/setoolsgui/apol/chooseanalysis.py -@@ -52,7 +52,7 @@ class ChooseAnalysis(SEToolsWidget, QDialog): - groupitem.addChild(item) - - self.analysisTypes.expandAll() -- self.analysisTypes.sortByColumn(0, Qt.AscendingOrder) -+ self.analysisTypes.sortByColumn(0, Qt.SortOrder.AscendingOrder) - super(ChooseAnalysis, self).show() - - def accept(self, item=None): -diff --git a/setoolsgui/apol/commonquery.py b/setoolsgui/apol/commonquery.py -index e90ec543666b..8fb11e87290d 100644 ---- a/setoolsgui/apol/commonquery.py -+++ b/setoolsgui/apol/commonquery.py -@@ -65,13 +65,13 @@ class CommonQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -116,7 +116,7 @@ class CommonQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.commons.selectedIndexes()[0] -- item = self.common_model.data(index, Qt.UserRole) -+ item = self.common_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - common_detail(self, item) -@@ -146,7 +146,7 @@ class CommonQueryTab(AnalysisTab): - def set_perms(self): - selected_perms = [] - for index in self.perms.selectionModel().selectedIndexes(): -- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) -+ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.perms = selected_perms - -@@ -212,6 +212,6 @@ class CommonQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/constraintquery.py b/setoolsgui/apol/constraintquery.py -index cfa841b22cb5..ee64db0ca1df 100644 ---- a/setoolsgui/apol/constraintquery.py -+++ b/setoolsgui/apol/constraintquery.py -@@ -84,7 +84,7 @@ class ConstraintQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_user_error() - self.clear_type_error() - self.clear_role_error() -@@ -94,7 +94,7 @@ class ConstraintQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -173,7 +173,7 @@ class ConstraintQueryTab(AnalysisTab): - def set_tclass(self): - selected_classes = [] - for index in self.tclass.selectionModel().selectedIndexes(): -- selected_classes.append(self.class_model.data(index, Qt.UserRole)) -+ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.tclass = selected_classes - self.perms_model.set_classes(selected_classes) -@@ -187,7 +187,7 @@ class ConstraintQueryTab(AnalysisTab): - def set_perms(self): - selected_perms = [] - for index in self.perms.selectionModel().selectedIndexes(): -- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) -+ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.perms = selected_perms - -@@ -323,6 +323,6 @@ class ConstraintQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/defaultquery.py b/setoolsgui/apol/defaultquery.py -index 1efa3c468738..e09692ee6a46 100644 ---- a/setoolsgui/apol/defaultquery.py -+++ b/setoolsgui/apol/defaultquery.py -@@ -52,7 +52,7 @@ class DefaultQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(1, Qt.AscendingOrder) -+ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) - - # populate class list - self.class_model = SEToolsListModel(self) -@@ -124,7 +124,7 @@ class DefaultQueryTab(AnalysisTab): - def set_tclass(self): - selected_classes = [] - for index in self.tclass.selectionModel().selectedIndexes(): -- selected_classes.append(self.class_model.data(index, Qt.UserRole)) -+ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.tclass = selected_classes - -@@ -163,10 +163,10 @@ class DefaultQueryTab(AnalysisTab): - rule_types.append(mode.objectName()) - - self.query.ruletype = rule_types -- self.query.default = self.default_value.currentData(Qt.UserRole) -+ self.query.default = self.default_value.currentData(Qt.ItemDataRole.UserRole) - - if self.default_range_value.isEnabled(): -- self.query.default_range = self.default_range_value.currentData(Qt.UserRole) -+ self.query.default_range = self.default_range_value.currentData(Qt.ItemDataRole.UserRole) - else: - self.query.default_range = None - -@@ -193,6 +193,6 @@ class DefaultQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index a78d96095b28..8bbed4dbe21f 100644 ---- a/setoolsgui/apol/dta.py -+++ b/setoolsgui/apol/dta.py -@@ -62,7 +62,7 @@ class DomainTransitionAnalysisTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.source.palette() - self.error_palette = self.source.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_source_error() - self.clear_target_error() - -@@ -281,7 +281,7 @@ class DomainTransitionAnalysisTab(AnalysisTab): - - print_transition(self.browser_details.appendPlainText, current.rules) - -- self.browser_details.moveCursor(QTextCursor.Start) -+ self.browser_details.moveCursor(QTextCursor.MoveOperation.Start) - - if not current.child_populated: - self.busy.setLabelText("Gathering additional browser details for {0}...".format( -@@ -337,7 +337,7 @@ class DomainTransitionAnalysisTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - if self.flows_in.isChecked() or self.flows_out.isChecked(): - # move to browser tab for transitions in/out -diff --git a/setoolsgui/apol/excludetypes.py b/setoolsgui/apol/excludetypes.py -index bee73c58dc66..1c4beaf84542 100644 ---- a/setoolsgui/apol/excludetypes.py -+++ b/setoolsgui/apol/excludetypes.py -@@ -40,14 +40,14 @@ class ExcludeTypes(SEToolsWidget, QDialog): - if t not in self.initial_excluded_list] - self.included_sort = FilterByAttributeProxy(self) - self.included_sort.setSourceModel(self.included_model) -- self.included_sort.sort(0, Qt.AscendingOrder) -+ self.included_sort.sort(0, Qt.SortOrder.AscendingOrder) - self.included_types.setModel(self.included_sort) - - self.excluded_model = SEToolsListModel(self) - self.excluded_model.item_list = self.initial_excluded_list - self.excluded_sort = FilterByAttributeProxy(self) - self.excluded_sort.setSourceModel(self.excluded_model) -- self.excluded_sort.sort(0, Qt.AscendingOrder) -+ self.excluded_sort.sort(0, Qt.SortOrder.AscendingOrder) - self.excluded_types.setModel(self.excluded_sort) - - # connect signals -@@ -62,7 +62,7 @@ class ExcludeTypes(SEToolsWidget, QDialog): - selected_types = [] - for index in self.excluded_types.selectionModel().selectedIndexes(): - source_index = self.excluded_sort.mapToSource(index) -- item = self.excluded_model.data(source_index, Qt.UserRole) -+ item = self.excluded_model.data(source_index, Qt.ItemDataRole.UserRole) - self.included_model.append(item) - selected_types.append(item) - -@@ -81,7 +81,7 @@ class ExcludeTypes(SEToolsWidget, QDialog): - selected_types = [] - for index in self.included_types.selectionModel().selectedIndexes(): - source_index = self.included_sort.mapToSource(index) -- item = self.included_model.data(source_index, Qt.UserRole) -+ item = self.included_model.data(source_index, Qt.ItemDataRole.UserRole) - self.excluded_model.append(item) - selected_types.append(item) - -@@ -95,7 +95,7 @@ class ExcludeTypes(SEToolsWidget, QDialog): - - def set_attr_filter(self, row): - index = self.attr_model.index(row) -- attr = self.attr_model.data(index, Qt.UserRole) -+ attr = self.attr_model.data(index, Qt.ItemDataRole.UserRole) - self.log.debug("Attribute set to {0!r}".format(attr)) - self.included_sort.attr = attr - self.excluded_sort.attr = attr -@@ -126,7 +126,7 @@ class FilterByAttributeProxy(QSortFilterProxyModel): - if self.attr: - source = self.sourceModel() - index = source.index(row) -- item = source.data(index, Qt.UserRole) -+ item = source.data(index, Qt.ItemDataRole.UserRole) - if item not in self.attr: - return False - -diff --git a/setoolsgui/apol/fsusequery.py b/setoolsgui/apol/fsusequery.py -index 9bb192b30232..4e7567f4e4c6 100644 ---- a/setoolsgui/apol/fsusequery.py -+++ b/setoolsgui/apol/fsusequery.py -@@ -74,7 +74,7 @@ class FSUseQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_fs_error() - self.clear_user_error() - self.clear_type_error() -@@ -86,7 +86,7 @@ class FSUseQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(1, Qt.AscendingOrder) -+ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -312,6 +312,6 @@ class FSUseQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/genfsconquery.py b/setoolsgui/apol/genfsconquery.py -index 22112a8fb7bf..33dbed787cd6 100644 ---- a/setoolsgui/apol/genfsconquery.py -+++ b/setoolsgui/apol/genfsconquery.py -@@ -74,7 +74,7 @@ class GenfsconQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_fs_error() - self.clear_path_error() - self.clear_user_error() -@@ -87,7 +87,7 @@ class GenfsconQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -312,6 +312,6 @@ class GenfsconQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/ibendportconquery.py b/setoolsgui/apol/ibendportconquery.py -index 6db99c2b5e0f..18252dd23de0 100644 ---- a/setoolsgui/apol/ibendportconquery.py -+++ b/setoolsgui/apol/ibendportconquery.py -@@ -74,7 +74,7 @@ class IbendportconQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - self.clear_port_error() - self.clear_user_error() -@@ -87,7 +87,7 @@ class IbendportconQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -304,6 +304,6 @@ class IbendportconQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/ibpkeyconquery.py b/setoolsgui/apol/ibpkeyconquery.py -index 3efd342145f1..b7a78bf908a0 100644 ---- a/setoolsgui/apol/ibpkeyconquery.py -+++ b/setoolsgui/apol/ibpkeyconquery.py -@@ -74,7 +74,7 @@ class IbpkeyconQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_subnet_prefix_error() - self.clear_pkeys_error() - self.clear_user_error() -@@ -87,7 +87,7 @@ class IbpkeyconQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -317,6 +317,6 @@ class IbpkeyconQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index fb9b4099cfc0..526f3074e143 100644 ---- a/setoolsgui/apol/infoflow.py -+++ b/setoolsgui/apol/infoflow.py -@@ -75,7 +75,7 @@ class InfoFlowAnalysisTab(AnalysisTab): - - # set up error message for missing perm map - self.error_msg = QMessageBox(self) -- self.error_msg.setStandardButtons(QMessageBox.Ok) -+ self.error_msg.setStandardButtons(QMessageBox.StandardButton.Ok) - - # set up perm map editor - self.permmap_editor = PermissionMapEditor(self, False) -@@ -93,7 +93,7 @@ class InfoFlowAnalysisTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.source.palette() - self.error_palette = self.source.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_source_error() - self.clear_target_error() - -@@ -325,7 +325,7 @@ class InfoFlowAnalysisTab(AnalysisTab): - for rule in current.rules: - self.browser_details.appendPlainText(rule) - -- self.browser_details.moveCursor(QTextCursor.Start) -+ self.browser_details.moveCursor(QTextCursor.MoveOperation.Start) - - if not current.child_populated: - self.busy.setLabelText("Gathering additional browser details for {0}...".format( -@@ -390,7 +390,7 @@ class InfoFlowAnalysisTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - if self.flows_in.isChecked() or self.flows_out.isChecked(): - # move to browser tab for flows in/out -diff --git a/setoolsgui/apol/initsidquery.py b/setoolsgui/apol/initsidquery.py -index b31c9986b3a5..d01f87130925 100644 ---- a/setoolsgui/apol/initsidquery.py -+++ b/setoolsgui/apol/initsidquery.py -@@ -74,7 +74,7 @@ class InitialSIDQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - self.clear_user_error() - self.clear_type_error() -@@ -86,7 +86,7 @@ class InitialSIDQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -287,6 +287,6 @@ class InitialSIDQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/mainwindow.py b/setoolsgui/apol/mainwindow.py -index 3cdb11d3e32e..dcbfb7590ef7 100644 ---- a/setoolsgui/apol/mainwindow.py -+++ b/setoolsgui/apol/mainwindow.py -@@ -60,20 +60,20 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - - # set up error message dialog - self.error_msg = QMessageBox(self) -- self.error_msg.setStandardButtons(QMessageBox.Ok) -+ self.error_msg.setStandardButtons(QMessageBox.StandardButton.Ok) - - # set up permission map editor - self.permmap_editor = PermissionMapEditor(self, True) - - # set up tab name editor - self.tab_editor = QLineEdit(self.AnalysisTabs) -- self.tab_editor.setWindowFlags(Qt.Popup) -+ self.tab_editor.setWindowFlags(Qt.WindowType.Popup) - - # configure tab bar context menu - tabBar = self.AnalysisTabs.tabBar() - tabBar.addAction(self.rename_tab_action) - tabBar.addAction(self.close_tab_action) -- tabBar.setContextMenuPolicy(Qt.ActionsContextMenu) -+ tabBar.setContextMenuPolicy(Qt.ContextMenuPolicy.ActionsContextMenu) - - # capture INFO and higher Python messages from setools lib for status bar - handler = LogHandlerToSignal() -@@ -127,9 +127,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - reply = QMessageBox.question( - self, "Continue?", - "Loading a policy will close all existing analyses. Continue?", -- QMessageBox.Yes | QMessageBox.No) -+ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) - -- if reply == QMessageBox.No: -+ if reply == QMessageBox.StandardButton.No: - return - - filename = QFileDialog.getOpenFileName(self, "Open policy file", ".", -@@ -163,9 +163,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - reply = QMessageBox.question( - self, "Continue?", - "Closing a policy will close all existing analyses. Continue?", -- QMessageBox.Yes | QMessageBox.No) -+ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) - -- if reply == QMessageBox.No: -+ if reply == QMessageBox.StandardButton.No: - return - - self.AnalysisTabs.clear() -@@ -245,7 +245,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - counted_name = "{0}: {1}".format(self.tab_counter, tabtitle) - - newanalysis = tabclass(self, self._policy, self._permmap) -- newanalysis.setAttribute(Qt.WA_DeleteOnClose) -+ newanalysis.setAttribute(Qt.WidgetAttribute.WA_DeleteOnClose) - newanalysis.setObjectName(counted_name) - - index = self.AnalysisTabs.addTab(newanalysis, counted_name) -@@ -444,9 +444,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - reply = QMessageBox.question( - self, "Continue?", - "Loading a workspace will close all existing analyses. Continue?", -- QMessageBox.Yes | QMessageBox.No) -+ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) - -- if reply == QMessageBox.No: -+ if reply == QMessageBox.StandardButton.No: - return - - # 2. try to load the workspace file, if we fail, bail -@@ -633,7 +633,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - - def apol_help(self): - """Open the main help window.""" -- if self.help_process.state() != QProcess.NotRunning: -+ if self.help_process.state() != QProcess.ProcessState.NotRunning: - return - - distro = pkg_resources.get_distribution("setools") -@@ -648,7 +648,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - @pyqtSlot(QProcess.ProcessError) - def help_failed(self, error): - """Starting assistant failed.""" -- if error != QProcess.FailedToStart: -+ if error != QProcess.ProcessError.FailedToStart: - return - - self.log.error("Failed to start Qt assistant {}.".format(self.config.assistant)) -@@ -669,9 +669,9 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - "This is typically in the assistant or qt5-assistant package. " - "Choose location of Qt Assistant executable?".format( - self.config.assistant), -- QMessageBox.Yes | QMessageBox.No) -+ QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) - -- if reply == QMessageBox.No: -+ if reply == QMessageBox.StandardButton.No: - return - - filename = QFileDialog.getOpenFileName(self, "Location of qt-assistant executable", -@@ -689,12 +689,12 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - @pyqtSlot(str) - def set_help(self, location): - """Set the help window to the specified document.""" -- if self.help_process.state() == QProcess.NotStarted: -+ if self.help_process.state() == QProcess.ProcessState.NotRunning: - self.apol_help() - if not self.help_process.waitForStarted(): - self.log.warning("Timed out waiting for Qt assistant to start.") - return -- elif self.help_process.state() == QProcess.Starting: -+ elif self.help_process.state() == QProcess.ProcessState.Starting: - if not self.help_process.waitForStarted(): - self.log.warning("Timed out waiting for Qt assistant to start.") - return -diff --git a/setoolsgui/apol/mlsrulequery.py b/setoolsgui/apol/mlsrulequery.py -index ba2be4597982..bb554ade6657 100644 ---- a/setoolsgui/apol/mlsrulequery.py -+++ b/setoolsgui/apol/mlsrulequery.py -@@ -61,7 +61,7 @@ class MLSRuleQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.source.palette() - self.error_palette = self.source.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_source_error() - self.clear_target_error() - self.clear_default_error() -@@ -76,7 +76,7 @@ class MLSRuleQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(1, Qt.AscendingOrder) -+ self.table_results.sortByColumn(1, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -181,7 +181,7 @@ class MLSRuleQueryTab(AnalysisTab): - def set_tclass(self): - selected_classes = [] - for index in self.tclass.selectionModel().selectedIndexes(): -- selected_classes.append(self.class_model.data(index, Qt.UserRole)) -+ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.tclass = selected_classes - -@@ -264,6 +264,6 @@ class MLSRuleQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/netifconquery.py b/setoolsgui/apol/netifconquery.py -index ca2405f7cae6..4cf3de1a9f5c 100644 ---- a/setoolsgui/apol/netifconquery.py -+++ b/setoolsgui/apol/netifconquery.py -@@ -74,7 +74,7 @@ class NetifconQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - self.clear_user_error() - self.clear_type_error() -@@ -86,7 +86,7 @@ class NetifconQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -287,6 +287,6 @@ class NetifconQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/nodeconquery.py b/setoolsgui/apol/nodeconquery.py -index 320b0d616a67..81a33a794c05 100644 ---- a/setoolsgui/apol/nodeconquery.py -+++ b/setoolsgui/apol/nodeconquery.py -@@ -80,7 +80,7 @@ class NodeconQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_network_error() - self.clear_user_error() - self.clear_type_error() -@@ -92,7 +92,7 @@ class NodeconQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -263,7 +263,7 @@ class NodeconQueryTab(AnalysisTab): - def run(self, button): - # right now there is only one button. - self.query.network_overlap = self.network_overlap.isChecked() -- self.query.ip_version = self.ip_version.currentData(Qt.UserRole) -+ self.query.ip_version = self.ip_version.currentData(Qt.ItemDataRole.UserRole) - self.query.range_overlap = self.range_overlap.isChecked() - self.query.range_subset = self.range_subset.isChecked() - self.query.range_superset = self.range_superset.isChecked() -@@ -291,6 +291,6 @@ class NodeconQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/objclassquery.py b/setoolsgui/apol/objclassquery.py -index 9744a187ade7..23c8188e8bbd 100644 ---- a/setoolsgui/apol/objclassquery.py -+++ b/setoolsgui/apol/objclassquery.py -@@ -66,13 +66,13 @@ class ObjClassQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -117,7 +117,7 @@ class ObjClassQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.classes.selectedIndexes()[0] -- item = self.class_model.data(index, Qt.UserRole) -+ item = self.class_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - class_detail(self, item) -@@ -146,7 +146,7 @@ class ObjClassQueryTab(AnalysisTab): - # - def set_common(self): - for index in self.common.selectionModel().selectedIndexes(): -- self.query.common = self.common_model.data(index, Qt.UserRole) -+ self.query.common = self.common_model.data(index, Qt.ItemDataRole.UserRole) - break - else: - self.query.common = None -@@ -157,7 +157,7 @@ class ObjClassQueryTab(AnalysisTab): - def set_perms(self): - selected_perms = [] - for index in self.perms.selectionModel().selectedIndexes(): -- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) -+ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.perms = selected_perms - -@@ -224,6 +224,6 @@ class ObjClassQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/permmapedit.py b/setoolsgui/apol/permmapedit.py -index 97482b30e1a2..d1e0b01ce854 100644 ---- a/setoolsgui/apol/permmapedit.py -+++ b/setoolsgui/apol/permmapedit.py -@@ -86,7 +86,7 @@ class PermissionMapEditor(SEToolsWidget, QDialog): - def class_selected(self): - # the .ui is set to 1 selection - for index in self.classes.selectionModel().selectedIndexes(): -- class_name = self.class_model.data(index, Qt.DisplayRole) -+ class_name = self.class_model.data(index, Qt.ItemDataRole.DisplayRole) - - self.log.debug("Setting class to {0}".format(class_name)) - -@@ -99,15 +99,15 @@ class PermissionMapEditor(SEToolsWidget, QDialog): - for perm in sorted(self.perm_map.perms(class_name)): - # create permission mapping - mapping = PermissionMapping(self, perm, self.edit) -- mapping.setAttribute(Qt.WA_DeleteOnClose) -+ mapping.setAttribute(Qt.WidgetAttribute.WA_DeleteOnClose) - self.class_toggle.connect(mapping.enabled.setChecked) - self.perm_mappings.addWidget(mapping) - self.widgets.append(mapping) - - # add horizonal line - line = QFrame(self) -- line.setFrameShape(QFrame.HLine) -- line.setFrameShadow(QFrame.Sunken) -+ line.setFrameShape(QFrame.Shape.HLine) -+ line.setFrameShadow(QFrame.Shadow.Sunken) - self.perm_mappings.addWidget(line) - self.widgets.append(line) - -@@ -179,8 +179,8 @@ class PermissionMapping(SEToolsWidget, QWidget): - # setup color palettes for direction - self.orig_palette = self.direction.palette() - self.error_palette = self.direction.palette() -- self.error_palette.setColor(QPalette.Button, Qt.red) -- self.error_palette.setColor(QPalette.ButtonText, Qt.white) -+ self.error_palette.setColor(QPalette.ColorRole.Button, Qt.GlobalColor.red) -+ self.error_palette.setColor(QPalette.ColorRole.ButtonText, Qt.GlobalColor.white) - - # setup direction - self.direction.insertItems(0, index_to_word) -diff --git a/setoolsgui/apol/portconquery.py b/setoolsgui/apol/portconquery.py -index 50d054f867a5..de0a16567f1c 100644 ---- a/setoolsgui/apol/portconquery.py -+++ b/setoolsgui/apol/portconquery.py -@@ -75,7 +75,7 @@ class PortconQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.type_.palette() - self.error_palette = self.type_.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_ports_error() - self.clear_user_error() - self.clear_type_error() -@@ -92,7 +92,7 @@ class PortconQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -280,7 +280,7 @@ class PortconQueryTab(AnalysisTab): - self.query.ports_overlap = self.ports_overlap.isChecked() - self.query.ports_subset = self.ports_subset.isChecked() - self.query.ports_superset = self.ports_superset.isChecked() -- self.query.protocol = self.protocol.currentData(Qt.UserRole) -+ self.query.protocol = self.protocol.currentData(Qt.ItemDataRole.UserRole) - self.query.range_overlap = self.range_overlap.isChecked() - self.query.range_subset = self.range_subset.isChecked() - self.query.range_superset = self.range_superset.isChecked() -@@ -308,6 +308,6 @@ class PortconQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/rbacrulequery.py b/setoolsgui/apol/rbacrulequery.py -index 0ce4bb9ad6c6..4749d324d858 100644 ---- a/setoolsgui/apol/rbacrulequery.py -+++ b/setoolsgui/apol/rbacrulequery.py -@@ -71,7 +71,7 @@ class RBACRuleQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.source.palette() - self.error_palette = self.source.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_source_error() - self.clear_target_error() - self.clear_default_error() -@@ -86,7 +86,7 @@ class RBACRuleQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -194,7 +194,7 @@ class RBACRuleQueryTab(AnalysisTab): - def set_tclass(self): - selected_classes = [] - for index in self.tclass.selectionModel().selectedIndexes(): -- selected_classes.append(self.class_model.data(index, Qt.UserRole)) -+ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.tclass = selected_classes - -@@ -292,6 +292,6 @@ class RBACRuleQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/rolequery.py b/setoolsgui/apol/rolequery.py -index 29983a5961ee..e75614d9a992 100644 ---- a/setoolsgui/apol/rolequery.py -+++ b/setoolsgui/apol/rolequery.py -@@ -62,13 +62,13 @@ class RoleQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -112,7 +112,7 @@ class RoleQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.roles.selectedIndexes()[0] -- item = self.role_model.data(index, Qt.UserRole) -+ item = self.role_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - role_detail(self, item) -@@ -142,7 +142,7 @@ class RoleQueryTab(AnalysisTab): - def set_types(self): - selected_types = [] - for index in self.types.selectionModel().selectedIndexes(): -- selected_types.append(self.type_model.data(index, Qt.UserRole)) -+ selected_types.append(self.type_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.types = selected_types - -@@ -209,6 +209,6 @@ class RoleQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/sensitivityquery.py b/setoolsgui/apol/sensitivityquery.py -index d5bcbec53fda..c8a27891ae97 100644 ---- a/setoolsgui/apol/sensitivityquery.py -+++ b/setoolsgui/apol/sensitivityquery.py -@@ -57,13 +57,13 @@ class SensitivityQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -105,7 +105,7 @@ class SensitivityQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.sens.selectedIndexes()[0] -- item = self.sensitivity_model.data(index, Qt.UserRole) -+ item = self.sensitivity_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - sensitivity_detail(self, item) -@@ -186,6 +186,6 @@ class SensitivityQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/terulequery.py b/setoolsgui/apol/terulequery.py -index 3064710550f5..7c99469edc87 100644 ---- a/setoolsgui/apol/terulequery.py -+++ b/setoolsgui/apol/terulequery.py -@@ -69,7 +69,7 @@ class TERuleQueryTab(AnalysisTab): - self.errors = set() - self.orig_palette = self.source.palette() - self.error_palette = self.source.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_source_error() - self.clear_target_error() - self.clear_default_error() -@@ -94,7 +94,7 @@ class TERuleQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # set up processing thread - self.thread = QThread() -@@ -221,7 +221,7 @@ class TERuleQueryTab(AnalysisTab): - def set_tclass(self): - selected_classes = [] - for index in self.tclass.selectionModel().selectedIndexes(): -- selected_classes.append(self.class_model.data(index, Qt.UserRole)) -+ selected_classes.append(self.class_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.tclass = selected_classes - self.perms_model.set_classes(selected_classes) -@@ -236,7 +236,7 @@ class TERuleQueryTab(AnalysisTab): - def set_perms(self): - selected_perms = [] - for index in self.perms.selectionModel().selectedIndexes(): -- selected_perms.append(self.perms_model.data(index, Qt.UserRole)) -+ selected_perms.append(self.perms_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.perms = selected_perms - -@@ -302,7 +302,7 @@ class TERuleQueryTab(AnalysisTab): - def set_bools(self): - selected_bools = [] - for index in self.bool_criteria.selectionModel().selectedIndexes(): -- selected_bools.append(self.bool_model.data(index, Qt.UserRole)) -+ selected_bools.append(self.bool_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.boolean = selected_bools - -@@ -407,9 +407,9 @@ class TERuleQueryTab(AnalysisTab): - reply = QMessageBox.question( - self, "Continue?", - "This is a broad query, estimated to return {0} results. Continue?". -- format(max_results), QMessageBox.Yes | QMessageBox.No) -+ format(max_results), QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) - -- if reply == QMessageBox.No: -+ if reply == QMessageBox.StandardButton.No: - return - - # start processing -@@ -440,6 +440,6 @@ class TERuleQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/typeattrquery.py b/setoolsgui/apol/typeattrquery.py -index 14a4141d922a..67a087a7e3f0 100644 ---- a/setoolsgui/apol/typeattrquery.py -+++ b/setoolsgui/apol/typeattrquery.py -@@ -62,13 +62,13 @@ class TypeAttributeQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -112,7 +112,7 @@ class TypeAttributeQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.attrs.selectedIndexes()[0] -- item = self.attr_model.data(index, Qt.UserRole) -+ item = self.attr_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - typeattr_detail(self, item) -@@ -142,7 +142,7 @@ class TypeAttributeQueryTab(AnalysisTab): - def set_types(self): - selected_types = [] - for index in self.types.selectionModel().selectedIndexes(): -- selected_types.append(self.type_model.data(index, Qt.UserRole)) -+ selected_types.append(self.type_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.types = selected_types - -@@ -209,6 +209,6 @@ class TypeAttributeQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/typequery.py b/setoolsgui/apol/typequery.py -index 2e261ccd52db..a22e3547cd16 100644 ---- a/setoolsgui/apol/typequery.py -+++ b/setoolsgui/apol/typequery.py -@@ -62,13 +62,13 @@ class TypeQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - # set up processing thread -@@ -112,7 +112,7 @@ class TypeQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.types.selectedIndexes()[0] -- item = self.type_model.data(index, Qt.UserRole) -+ item = self.type_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - type_detail(self, item) -@@ -142,7 +142,7 @@ class TypeQueryTab(AnalysisTab): - def set_attrs(self): - selected_attrs = [] - for index in self.attrs.selectionModel().selectedIndexes(): -- selected_attrs.append(self.attr_model.data(index, Qt.UserRole)) -+ selected_attrs.append(self.attr_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.attrs = selected_attrs - -@@ -213,6 +213,6 @@ class TypeQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/userquery.py b/setoolsgui/apol/userquery.py -index c325888db8ec..19ffb03c2975 100644 ---- a/setoolsgui/apol/userquery.py -+++ b/setoolsgui/apol/userquery.py -@@ -62,13 +62,13 @@ class UserQueryTab(AnalysisTab): - self.sort_proxy = QSortFilterProxyModel(self) - self.sort_proxy.setSourceModel(self.table_results_model) - self.table_results.setModel(self.sort_proxy) -- self.table_results.sortByColumn(0, Qt.AscendingOrder) -+ self.table_results.sortByColumn(0, Qt.SortOrder.AscendingOrder) - - # setup indications of errors on level/range - self.errors = set() - self.orig_palette = self.name.palette() - self.error_palette = self.name.palette() -- self.error_palette.setColor(QPalette.Base, Qt.red) -+ self.error_palette.setColor(QPalette.ColorRole.Base, Qt.GlobalColor.red) - self.clear_name_error() - - if self.policy.mls: -@@ -135,7 +135,7 @@ class UserQueryTab(AnalysisTab): - def get_detail(self): - # .ui is set for single item selection. - index = self.users.selectedIndexes()[0] -- item = self.user_model.data(index, Qt.UserRole) -+ item = self.user_model.data(index, Qt.ItemDataRole.UserRole) - - self.log.debug("Generating detail window for {0}".format(item)) - user_detail(self, item) -@@ -165,7 +165,7 @@ class UserQueryTab(AnalysisTab): - def set_roles(self): - selected_roles = [] - for index in self.roles.selectionModel().selectedIndexes(): -- selected_roles.append(self.role_model.data(index, Qt.UserRole)) -+ selected_roles.append(self.role_model.data(index, Qt.ItemDataRole.UserRole)) - - self.query.roles = selected_roles - -@@ -262,6 +262,6 @@ class UserQueryTab(AnalysisTab): - if not self.busy.wasCanceled(): - self.busy.setLabelText("Moving the raw result to top; GUI may be unresponsive") - self.busy.repaint() -- self.raw_results.moveCursor(QTextCursor.Start) -+ self.raw_results.moveCursor(QTextCursor.MoveOperation.Start) - - self.busy.reset() -diff --git a/setoolsgui/apol/workspace.py b/setoolsgui/apol/workspace.py -index 0f8ec82cdaea..2b4229224b85 100644 ---- a/setoolsgui/apol/workspace.py -+++ b/setoolsgui/apol/workspace.py -@@ -141,7 +141,7 @@ def save_listviews(tab, settings, listviews): - - selections = [] - for index in listview.selectedIndexes(): -- item = datamodel.data(index, Qt.DisplayRole) -+ item = datamodel.data(index, Qt.ItemDataRole.DisplayRole) - selections.append(item) - - settings[entry] = selections -@@ -181,10 +181,10 @@ def load_listviews(tab, settings, listviews): - - for row in range(datamodel.rowCount()): - index = datamodel.createIndex(row, 0) -- item = datamodel.data(index, Qt.DisplayRole) -+ item = datamodel.data(index, Qt.ItemDataRole.DisplayRole) - - if item in selections: -- selectionmodel.select(index, QItemSelectionModel.Select) -+ selectionmodel.select(index, QItemSelectionModel.SelectionFlag.Select) - - - def save_comboboxes(tab, settings, comboboxes): -@@ -199,7 +199,7 @@ def save_comboboxes(tab, settings, comboboxes): - - for entry in comboboxes: - combobox = getattr(tab, entry) -- settings[entry] = combobox.currentData(Qt.DisplayRole) -+ settings[entry] = combobox.currentData(Qt.ItemDataRole.DisplayRole) - - - def load_comboboxes(tab, settings, comboboxes): -diff --git a/setoolsgui/boolmodel.py b/setoolsgui/boolmodel.py -index 0d698c92f51b..c331fdd5057d 100644 ---- a/setoolsgui/boolmodel.py -+++ b/setoolsgui/boolmodel.py -@@ -38,12 +38,12 @@ class BooleanTableModel(SEToolsTableModel): - col = index.column() - boolean = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return boolean.name - elif col == 1: - return str(boolean.state) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - # get the whole rule for boolean boolean - return boolean -diff --git a/setoolsgui/boundsmodel.py b/setoolsgui/boundsmodel.py -index c84f612a3b3a..c7ed1e7c227f 100644 ---- a/setoolsgui/boundsmodel.py -+++ b/setoolsgui/boundsmodel.py -@@ -20,7 +20,7 @@ class BoundsTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.ruletype.name - elif col == 1: -@@ -28,5 +28,5 @@ class BoundsTableModel(SEToolsTableModel): - elif col == 2: - return item.child.name - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item -diff --git a/setoolsgui/commonmodel.py b/setoolsgui/commonmodel.py -index a6f6fed53840..2ceb57f4f0a3 100644 ---- a/setoolsgui/commonmodel.py -+++ b/setoolsgui/commonmodel.py -@@ -42,11 +42,11 @@ class CommonTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.name - elif col == 1: - return ", ".join(sorted(item.perms)) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item -diff --git a/setoolsgui/constraintmodel.py b/setoolsgui/constraintmodel.py -index 122dff0b5139..d295f28f208b 100644 ---- a/setoolsgui/constraintmodel.py -+++ b/setoolsgui/constraintmodel.py -@@ -21,7 +21,7 @@ class ConstraintTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.ruletype.name - elif col == 1: -@@ -34,5 +34,5 @@ class ConstraintTableModel(SEToolsTableModel): - elif col == 3: - return str(rule.expression) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/defaultmodel.py b/setoolsgui/defaultmodel.py -index b9a6a58ebfea..3a699c49ce8c 100644 ---- a/setoolsgui/defaultmodel.py -+++ b/setoolsgui/defaultmodel.py -@@ -22,7 +22,7 @@ class DefaultTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.ruletype.name - elif col == 1: -@@ -33,5 +33,5 @@ class DefaultTableModel(SEToolsTableModel): - with suppress(AttributeError): - return item.default_range.name - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item -diff --git a/setoolsgui/details.py b/setoolsgui/details.py -index 4eb70066cfdb..8d4882cd6a1e 100644 ---- a/setoolsgui/details.py -+++ b/setoolsgui/details.py -@@ -37,15 +37,15 @@ class DetailsPopup(SEToolsWidget, QDialog): - self.setWindowTitle(text) - - def append(self, text): -- self.contents.setFontWeight(QFont.Normal) -+ self.contents.setFontWeight(QFont.Weight.Normal) - self.contents.setFontPointSize(9) - self.contents.append(text) - - def append_header(self, text): -- self.contents.setFontWeight(QFont.Black) -+ self.contents.setFontWeight(QFont.Weight.Black) - self.contents.setFontPointSize(11) - self.contents.append(text) - - def show(self): -- self.contents.moveCursor(QTextCursor.Start) -+ self.contents.moveCursor(QTextCursor.MoveOperation.Start) - super(DetailsPopup, self).show() -diff --git a/setoolsgui/fsusemodel.py b/setoolsgui/fsusemodel.py -index 2b3a3f402af9..bc100784c490 100644 ---- a/setoolsgui/fsusemodel.py -+++ b/setoolsgui/fsusemodel.py -@@ -20,7 +20,7 @@ class FSUseTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.ruletype.name - elif col == 1: -@@ -28,5 +28,5 @@ class FSUseTableModel(SEToolsTableModel): - elif col == 2: - return str(rule.context) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/genfsconmodel.py b/setoolsgui/genfsconmodel.py -index 6fc46408865c..1e50d929446a 100644 ---- a/setoolsgui/genfsconmodel.py -+++ b/setoolsgui/genfsconmodel.py -@@ -32,7 +32,7 @@ class GenfsconTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.fs - elif col == 1: -@@ -42,5 +42,5 @@ class GenfsconTableModel(SEToolsTableModel): - elif col == 3: - return str(rule.context) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/ibendportconmodel.py b/setoolsgui/ibendportconmodel.py -index 199932d39415..37b7a8d74948 100644 ---- a/setoolsgui/ibendportconmodel.py -+++ b/setoolsgui/ibendportconmodel.py -@@ -20,7 +20,7 @@ class IbendportconTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.name - elif col == 1: -@@ -28,5 +28,5 @@ class IbendportconTableModel(SEToolsTableModel): - elif col == 2: - return str(rule.context) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/ibpkeyconmodel.py b/setoolsgui/ibpkeyconmodel.py -index f3cd95205d51..160425504521 100644 ---- a/setoolsgui/ibpkeyconmodel.py -+++ b/setoolsgui/ibpkeyconmodel.py -@@ -20,7 +20,7 @@ class IbpkeyconTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return str(rule.subnet_prefix) - elif col == 1: -@@ -32,5 +32,5 @@ class IbpkeyconTableModel(SEToolsTableModel): - elif col == 2: - return str(rule.context) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/initsidmodel.py b/setoolsgui/initsidmodel.py -index 1155a50fccb9..9ffb408024fd 100644 ---- a/setoolsgui/initsidmodel.py -+++ b/setoolsgui/initsidmodel.py -@@ -20,11 +20,11 @@ class InitialSIDTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.name - elif col == 1: - return str(rule.context) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/listview.py b/setoolsgui/listview.py -index a4beda50b9f6..e803975c52c6 100644 ---- a/setoolsgui/listview.py -+++ b/setoolsgui/listview.py -@@ -34,14 +34,14 @@ class SEToolsListView(QListView): - - for row in range(model.rowCount()): - index = model.createIndex(row, 0) -- selection_model.select(index, QItemSelectionModel.Toggle) -+ selection_model.select(index, QItemSelectionModel.SelectionFlag.Toggle) - -- def selection(self, qt_role=Qt.UserRole): -+ def selection(self, qt_role=Qt.ItemDataRole.UserRole): - """ - Generator which returns the selection. - - Parameter: -- qt_role The Qt model role. Default is Qt.UserRole. -+ qt_role The Qt model role. Default is Qt.ItemDataRole.UserRole. - - Yield: tuple(row, data) - row The row number of the selection. -diff --git a/setoolsgui/mlsmodel.py b/setoolsgui/mlsmodel.py -index 8dfb28066d34..147378ef585a 100644 ---- a/setoolsgui/mlsmodel.py -+++ b/setoolsgui/mlsmodel.py -@@ -63,11 +63,11 @@ class MLSComponentTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.name - elif col == 1: - return ", ".join(sorted(a for a in item.aliases())) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item -diff --git a/setoolsgui/mlsrulemodel.py b/setoolsgui/mlsrulemodel.py -index 4fa4f186a6cf..54ad4c216c72 100644 ---- a/setoolsgui/mlsrulemodel.py -+++ b/setoolsgui/mlsrulemodel.py -@@ -20,7 +20,7 @@ class MLSRuleTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.ruletype.name - elif col == 1: -@@ -32,5 +32,5 @@ class MLSRuleTableModel(SEToolsTableModel): - elif col == 4: - return str(rule.default) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/models.py b/setoolsgui/models.py -index fc7bf3df9ccf..dd864e932fbc 100644 ---- a/setoolsgui/models.py -+++ b/setoolsgui/models.py -@@ -19,7 +19,7 @@ def invert_list_selection(selection_model): - rowcount = model.rowCount() - for row in range(rowcount): - index = model.createIndex(row, 0) -- selection_model.select(index, QItemSelectionModel.Toggle) -+ selection_model.select(index, QItemSelectionModel.SelectionFlag.Toggle) - - - class SEToolsListModel(QAbstractListModel): -@@ -27,8 +27,8 @@ class SEToolsListModel(QAbstractListModel): - """ - The purpose of this model is to have the - objects return their string representations -- for Qt.DisplayRole and return the object -- for Qt.UserRole. -+ for Qt.ItemDataRole.DisplayRole and return the object -+ for Qt.ItemDataRole.UserRole. - - Some Python list-like functions are provided - for altering the model: append and remove -@@ -81,9 +81,9 @@ class SEToolsListModel(QAbstractListModel): - row = index.row() - item = self.item_list[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - return str(item) -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item - - -@@ -133,7 +133,7 @@ class SEToolsTableModel(QAbstractTableModel): - self.resultlist = [] - - def headerData(self, section, orientation, role): -- if role == Qt.DisplayRole and orientation == Qt.Horizontal: -+ if role == Qt.ItemDataRole.DisplayRole and orientation == Qt.Orientation.Horizontal: - return self.headers[section] - - def rowCount(self, parent=QModelIndex()): -diff --git a/setoolsgui/netifconmodel.py b/setoolsgui/netifconmodel.py -index 3d2e4b8b6ee1..54659203e7e5 100644 ---- a/setoolsgui/netifconmodel.py -+++ b/setoolsgui/netifconmodel.py -@@ -20,7 +20,7 @@ class NetifconTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.netif - elif col == 1: -@@ -28,5 +28,5 @@ class NetifconTableModel(SEToolsTableModel): - elif col == 2: - return str(rule.packet) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/nodeconmodel.py b/setoolsgui/nodeconmodel.py -index ec4d66e9a026..f8055fca194d 100644 ---- a/setoolsgui/nodeconmodel.py -+++ b/setoolsgui/nodeconmodel.py -@@ -20,11 +20,11 @@ class NodeconTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return str(rule.network.with_netmask) - elif col == 1: - return str(rule.context) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/objclassmodel.py b/setoolsgui/objclassmodel.py -index 9823b73b30ee..ff1641f8cc3e 100644 ---- a/setoolsgui/objclassmodel.py -+++ b/setoolsgui/objclassmodel.py -@@ -58,7 +58,7 @@ class ObjClassTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.name - elif col == 1: -@@ -69,5 +69,5 @@ class ObjClassTableModel(SEToolsTableModel): - - return ", ".join(sorted(chain(com_perms, item.perms))) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item -diff --git a/setoolsgui/portconmodel.py b/setoolsgui/portconmodel.py -index 39d2c72e4625..1c3de4494af9 100644 ---- a/setoolsgui/portconmodel.py -+++ b/setoolsgui/portconmodel.py -@@ -20,7 +20,7 @@ class PortconTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - low, high = rule.ports - if low == high: -@@ -32,5 +32,5 @@ class PortconTableModel(SEToolsTableModel): - elif col == 2: - return str(rule.context) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/rbacrulemodel.py b/setoolsgui/rbacrulemodel.py -index d8df9409ed56..84d2ff09e4fc 100644 ---- a/setoolsgui/rbacrulemodel.py -+++ b/setoolsgui/rbacrulemodel.py -@@ -21,7 +21,7 @@ class RBACRuleTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.ruletype.name - elif col == 1: -@@ -41,5 +41,5 @@ class RBACRuleTableModel(SEToolsTableModel): - except RuleUseError: - return None - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/rolemodel.py b/setoolsgui/rolemodel.py -index 004f4e7614ba..2dd7fe64d37e 100644 ---- a/setoolsgui/rolemodel.py -+++ b/setoolsgui/rolemodel.py -@@ -47,11 +47,11 @@ class RoleTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.name - elif col == 1: - return ", ".join(sorted(t.name for t in item.types())) -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - # get the whole object - return item -diff --git a/setoolsgui/tableview.py b/setoolsgui/tableview.py -index 9726cb053466..9ba49aa50fa3 100644 ---- a/setoolsgui/tableview.py -+++ b/setoolsgui/tableview.py -@@ -45,7 +45,7 @@ class SEToolsTableView(QTableView): - elif prev_col is not None and current_col != prev_col: - selected_text.append('\t') - -- selected_text.append(datamodel.data(index, Qt.DisplayRole)) -+ selected_text.append(datamodel.data(index, Qt.ItemDataRole.DisplayRole)) - - prev_row = current_row - prev_col = current_col -@@ -76,7 +76,7 @@ class SEToolsTableView(QTableView): - # write headers - csv_row = [] - for col in range(col_count): -- csv_row.append(datamodel.headerData(col, Qt.Horizontal, Qt.DisplayRole)) -+ csv_row.append(datamodel.headerData(col, Qt.Orientation.Horizontal, Qt.ItemDataRole.DisplayRole)) - - writer.writerow(csv_row) - -@@ -86,6 +86,6 @@ class SEToolsTableView(QTableView): - - for col in range(col_count): - index = datamodel.index(row, col) -- csv_row.append(datamodel.data(index, Qt.DisplayRole)) -+ csv_row.append(datamodel.data(index, Qt.ItemDataRole.DisplayRole)) - - writer.writerow(csv_row) -diff --git a/setoolsgui/terulemodel.py b/setoolsgui/terulemodel.py -index 4d51ac8e9b25..53b61a06d152 100644 ---- a/setoolsgui/terulemodel.py -+++ b/setoolsgui/terulemodel.py -@@ -22,7 +22,7 @@ class TERuleTableModel(SEToolsTableModel): - col = index.column() - rule = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return rule.ruletype.name - elif col == 1: -@@ -50,5 +50,5 @@ class TERuleTableModel(SEToolsTableModel): - except RuleNotConditional: - return None - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return rule -diff --git a/setoolsgui/typeattrmodel.py b/setoolsgui/typeattrmodel.py -index 1a752fcd82f0..0b7c7ffe65a5 100644 ---- a/setoolsgui/typeattrmodel.py -+++ b/setoolsgui/typeattrmodel.py -@@ -44,11 +44,11 @@ class TypeAttributeTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.name - elif col == 1: - return ", ".join(sorted(t.name for t in item.expand())) - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item -diff --git a/setoolsgui/typemodel.py b/setoolsgui/typemodel.py -index 841cc42a52d3..037996b96a8c 100644 ---- a/setoolsgui/typemodel.py -+++ b/setoolsgui/typemodel.py -@@ -50,7 +50,7 @@ class TypeTableModel(SEToolsTableModel): - col = index.column() - item = self.resultlist[row] - -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - if col == 0: - return item.name - elif col == 1: -@@ -60,5 +60,5 @@ class TypeTableModel(SEToolsTableModel): - elif col == 3 and item.ispermissive: - return "Permissive" - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return item -diff --git a/setoolsgui/usermodel.py b/setoolsgui/usermodel.py -index d0a4b0ed1a63..d5aca7bc11a0 100644 ---- a/setoolsgui/usermodel.py -+++ b/setoolsgui/usermodel.py -@@ -56,7 +56,7 @@ class UserTableModel(SEToolsTableModel): - - def data(self, index, role): - if self.resultlist and index.isValid(): -- if role == Qt.DisplayRole: -+ if role == Qt.ItemDataRole.DisplayRole: - row = index.row() - col = index.column() - user = self.resultlist[row] -@@ -76,5 +76,5 @@ class UserTableModel(SEToolsTableModel): - except MLSDisabled: - return None - -- elif role == Qt.UserRole: -+ elif role == Qt.ItemDataRole.UserRole: - return user --- -2.41.0 - diff --git a/setools.spec b/setools.spec index 86a6ee5..ece4334 100644 --- a/setools.spec +++ b/setools.spec @@ -1,9 +1,9 @@ -%global sepol_ver 3.5-1 -%global selinux_ver 3.5-1 +%global sepol_ver 3.6 +%global selinux_ver 3.6 Name: setools -Version: 4.4.3 -Release: 2%{?dist} +Version: 4.4.4 +Release: 1%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -11,8 +11,7 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch1: 0001-Use-the-The-New-Python-Enums.patch -Patch2: 0002-Use-PyQt6.patch +Patch1: 0001-Use-PyQt6.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -145,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Dec 11 2023 Petr Lautrbach - 4.4.4-1 +- SETools 4.4.4 release + * Mon Aug 28 2023 Petr Lautrbach - 4.4.3-2 - Use Qt 6 diff --git a/sources b/sources index edf09a7..b64453e 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.4.3.tar.gz) = dcea6f10af0f46cb7f06aa1b29a757de7dbc30b52fe705c51a4f395d6cc25bfc7b78c15b6fc5c09ec05a2bbe8316bc79b87156304de5fe098040007d33a70143 +SHA512 (4.4.4.tar.gz) = 3ee382df80c71dc4fd2cd9ba287dbd97aca0d90a67f170646cb02e585d3e2d3bcc4a6f03d404d5273e7ad34a86bee42649432c58d517ad44ff97c94d2f35b1ef From cc080e498edc8c3eb2943ca865399e72cc8d13ab Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 27 Jan 2024 02:41:23 +0000 Subject: [PATCH 60/78] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index ece4334..172292a 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.4.4 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -144,6 +144,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Jan 27 2024 Fedora Release Engineering - 4.4.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + * Mon Dec 11 2023 Petr Lautrbach - 4.4.4-1 - SETools 4.4.4 release From 3a271f5265c8dd7ae4ffd38dbb0968d25281a88e Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 18 Apr 2024 12:43:35 +0200 Subject: [PATCH 61/78] SETools 4.5.0 - Add graphical results for information flow analysis and domain transition analysis, available in apol, sedta, and seinfoflow. - Add tooltips, What's This?, and detail popups in apol to help cross-referencing query and analysis results along with context-sensitive help. --- .gitignore | 1 + 0001-Use-PyQt6.patch | 1121 ------------------------------------------ setools.spec | 8 +- sources | 2 +- 4 files changed, 7 insertions(+), 1125 deletions(-) delete mode 100644 0001-Use-PyQt6.patch diff --git a/.gitignore b/.gitignore index a5afd44..66ea469 100644 --- a/.gitignore +++ b/.gitignore @@ -16,3 +16,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.4.2.tar.gz /4.4.3.tar.gz /4.4.4.tar.gz +/4.5.0.tar.gz diff --git a/0001-Use-PyQt6.patch b/0001-Use-PyQt6.patch deleted file mode 100644 index 8b0285c..0000000 --- a/0001-Use-PyQt6.patch +++ /dev/null @@ -1,1121 +0,0 @@ -From a9a062004e9974e06880e57ddb2c9699de2696f0 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 4 Sep 2023 16:12:59 +0200 -Subject: [PATCH] Use PyQt6 -Content-type: text/plain - -Signed-off-by: Petr Lautrbach ---- - .mypy.ini | 2 +- - README.md | 6 +++--- - apol | 4 ++-- - setoolsgui/apol/analysistab.py | 4 ++-- - setoolsgui/apol/boolquery.py | 6 +++--- - setoolsgui/apol/boundsquery.py | 6 +++--- - setoolsgui/apol/categoryquery.py | 6 +++--- - setoolsgui/apol/chooseanalysis.py | 4 ++-- - setoolsgui/apol/commonquery.py | 6 +++--- - setoolsgui/apol/constraintquery.py | 6 +++--- - setoolsgui/apol/defaultquery.py | 6 +++--- - setoolsgui/apol/dta.py | 6 +++--- - setoolsgui/apol/excludetypes.py | 4 ++-- - setoolsgui/apol/fsusequery.py | 6 +++--- - setoolsgui/apol/genfsconquery.py | 6 +++--- - setoolsgui/apol/ibendportconquery.py | 6 +++--- - setoolsgui/apol/ibpkeyconquery.py | 6 +++--- - setoolsgui/apol/infoflow.py | 6 +++--- - setoolsgui/apol/initsidquery.py | 6 +++--- - setoolsgui/apol/mainwindow.py | 8 ++++---- - setoolsgui/apol/mlsrulequery.py | 6 +++--- - setoolsgui/apol/netifconquery.py | 6 +++--- - setoolsgui/apol/nodeconquery.py | 6 +++--- - setoolsgui/apol/objclassquery.py | 6 +++--- - setoolsgui/apol/permmapedit.py | 6 +++--- - setoolsgui/apol/portconquery.py | 6 +++--- - setoolsgui/apol/queryupdater.py | 2 +- - setoolsgui/apol/rbacrulequery.py | 6 +++--- - setoolsgui/apol/rolequery.py | 6 +++--- - setoolsgui/apol/sensitivityquery.py | 6 +++--- - setoolsgui/apol/summary.py | 6 +++--- - setoolsgui/apol/terulequery.py | 6 +++--- - setoolsgui/apol/typeattrquery.py | 6 +++--- - setoolsgui/apol/typequery.py | 6 +++--- - setoolsgui/apol/userquery.py | 6 +++--- - setoolsgui/apol/workspace.py | 2 +- - setoolsgui/boolmodel.py | 4 ++-- - setoolsgui/boundsmodel.py | 2 +- - setoolsgui/commonmodel.py | 4 ++-- - setoolsgui/constraintmodel.py | 2 +- - setoolsgui/defaultmodel.py | 2 +- - setoolsgui/details.py | 4 ++-- - setoolsgui/fsusemodel.py | 2 +- - setoolsgui/genfsconmodel.py | 2 +- - setoolsgui/getdetailslist.py | 4 ++-- - setoolsgui/ibendportconmodel.py | 2 +- - setoolsgui/ibpkeyconmodel.py | 2 +- - setoolsgui/initsidmodel.py | 2 +- - setoolsgui/listview.py | 6 +++--- - setoolsgui/logtosignal.py | 2 +- - setoolsgui/mlsmodel.py | 4 ++-- - setoolsgui/mlsrulemodel.py | 2 +- - setoolsgui/models.py | 2 +- - setoolsgui/netifconmodel.py | 2 +- - setoolsgui/nodeconmodel.py | 2 +- - setoolsgui/objclassmodel.py | 4 ++-- - setoolsgui/portconmodel.py | 2 +- - setoolsgui/rbacrulemodel.py | 2 +- - setoolsgui/rolemodel.py | 4 ++-- - setoolsgui/tableview.py | 6 +++--- - setoolsgui/terulemodel.py | 2 +- - setoolsgui/treeview.py | 6 +++--- - setoolsgui/typeattrmodel.py | 4 ++-- - setoolsgui/typemodel.py | 4 ++-- - setoolsgui/usermodel.py | 2 +- - setoolsgui/widget.py | 2 +- - 66 files changed, 144 insertions(+), 144 deletions(-) - -diff --git a/.mypy.ini b/.mypy.ini -index b45560b7d8d0..7d3aef848b4a 100644 ---- a/.mypy.ini -+++ b/.mypy.ini -@@ -9,7 +9,7 @@ ignore_missing_imports = True - [mypy-networkx.*] - ignore_missing_imports = True - --[mypy-PyQt5.*] -+[mypy-PyQt6.*] - ignore_missing_imports = True - - [mypy-sip] -diff --git a/README.md b/README.md -index b5a05c9376c3..d291e0d5693d 100644 ---- a/README.md -+++ b/README.md -@@ -20,8 +20,8 @@ To run SETools command line tools, the following packages are required: - * libsepol 3.2+ - - To run SETools graphical tools, the following packages are also required: --* PyQt5 --* qt5-assistant -+* PyQt6 -+* qt6-assistant - * qt-devel (only if rebuilding the help file) - - To build SETools, the following development packages are required, in -@@ -73,7 +73,7 @@ the tools can be ran from the current directory (e.g. ```./seinfo```). - ### Rebuilding the Apol Help File - - For convenience, a prebuilt copy of the apol help data file is included. --To rebuild this file, the Qt5 development tools are required -+To rebuild this file, the Qt6 development tools are required - (particularly, the ```qcollectiongenerator``` tool). At the root - of the SETools sources, perform the following: - ``` -diff --git a/apol b/apol -index 400832199eae..f32b29bf8c5c 100755 ---- a/apol -+++ b/apol -@@ -8,7 +8,7 @@ import sys - import argparse - import logging - --from PyQt5.QtWidgets import QApplication -+from PyQt6.QtWidgets import QApplication - import setools - import setoolsgui - -@@ -42,7 +42,7 @@ logging.getLogger().addHandler(console_handler) - try: - app = QApplication(sys.argv) - mainwindow = setoolsgui.ApolMainWindow(args.policy) -- sys.exit(app.exec_()) -+ sys.exit(app.exec()) - - except Exception as err: - if args.debug: -diff --git a/setoolsgui/apol/analysistab.py b/setoolsgui/apol/analysistab.py -index bc3629ff274a..13f89db32277 100644 ---- a/setoolsgui/apol/analysistab.py -+++ b/setoolsgui/apol/analysistab.py -@@ -6,8 +6,8 @@ - from typing import Dict, NamedTuple - from enum import Enum - --import sip --from PyQt5.QtWidgets import QDialogButtonBox, QScrollArea -+import PyQt6.sip as sip -+from PyQt6.QtWidgets import QDialogButtonBox, QScrollArea - - from ..widget import SEToolsWidget - -diff --git a/setoolsgui/apol/boolquery.py b/setoolsgui/apol/boolquery.py -index 6116fe48a846..d7bf529fa267 100644 ---- a/setoolsgui/apol/boolquery.py -+++ b/setoolsgui/apol/boolquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import BoolQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/boundsquery.py b/setoolsgui/apol/boundsquery.py -index 5b90c2ee2ded..5c53803dbb7a 100644 ---- a/setoolsgui/apol/boundsquery.py -+++ b/setoolsgui/apol/boundsquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import BoundsQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/categoryquery.py b/setoolsgui/apol/categoryquery.py -index 598f163c335f..7df35566f672 100644 ---- a/setoolsgui/apol/categoryquery.py -+++ b/setoolsgui/apol/categoryquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import CategoryQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/chooseanalysis.py b/setoolsgui/apol/chooseanalysis.py -index 155ae6d2f4ae..d7d192a94c2a 100644 ---- a/setoolsgui/apol/chooseanalysis.py -+++ b/setoolsgui/apol/chooseanalysis.py -@@ -5,8 +5,8 @@ - # - from collections import defaultdict - --from PyQt5.QtCore import Qt --from PyQt5.QtWidgets import QDialog, QTreeWidgetItem -+from PyQt6.QtCore import Qt -+from PyQt6.QtWidgets import QDialog, QTreeWidgetItem - - from ..widget import SEToolsWidget - from .analysistab import AnalysisSection, AnalysisTab, TAB_REGISTRY -diff --git a/setoolsgui/apol/commonquery.py b/setoolsgui/apol/commonquery.py -index 8fb11e87290d..1c73a42aff4b 100644 ---- a/setoolsgui/apol/commonquery.py -+++ b/setoolsgui/apol/commonquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import CommonQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/constraintquery.py b/setoolsgui/apol/constraintquery.py -index ee64db0ca1df..efda65f4c55e 100644 ---- a/setoolsgui/apol/constraintquery.py -+++ b/setoolsgui/apol/constraintquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import ConstraintQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/defaultquery.py b/setoolsgui/apol/defaultquery.py -index e09692ee6a46..cad78d03e8a8 100644 ---- a/setoolsgui/apol/defaultquery.py -+++ b/setoolsgui/apol/defaultquery.py -@@ -8,9 +8,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import DefaultQuery, DefaultValue, DefaultRangeValue - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py -index 8bbed4dbe21f..bdbe6f448150 100644 ---- a/setoolsgui/apol/dta.py -+++ b/setoolsgui/apol/dta.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ -+from PyQt6.QtCore import pyqtSignal, Qt, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem - from setools import DomainTransitionAnalysis - -diff --git a/setoolsgui/apol/excludetypes.py b/setoolsgui/apol/excludetypes.py -index 1c4beaf84542..a764597cc1cd 100644 ---- a/setoolsgui/apol/excludetypes.py -+++ b/setoolsgui/apol/excludetypes.py -@@ -7,8 +7,8 @@ - import logging - import copy - --from PyQt5.QtCore import Qt, QSortFilterProxyModel --from PyQt5.QtWidgets import QDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel -+from PyQt6.QtWidgets import QDialog - - from ..models import SEToolsListModel - from ..widget import SEToolsWidget -diff --git a/setoolsgui/apol/fsusequery.py b/setoolsgui/apol/fsusequery.py -index 4e7567f4e4c6..e0b77af58ef0 100644 ---- a/setoolsgui/apol/fsusequery.py -+++ b/setoolsgui/apol/fsusequery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import FSUseQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/genfsconquery.py b/setoolsgui/apol/genfsconquery.py -index 33dbed787cd6..5294e9042857 100644 ---- a/setoolsgui/apol/genfsconquery.py -+++ b/setoolsgui/apol/genfsconquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import GenfsconQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/ibendportconquery.py b/setoolsgui/apol/ibendportconquery.py -index 18252dd23de0..e688773eac5a 100644 ---- a/setoolsgui/apol/ibendportconquery.py -+++ b/setoolsgui/apol/ibendportconquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QProgressDialog - from setools import IbendportconQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/ibpkeyconquery.py b/setoolsgui/apol/ibpkeyconquery.py -index b7a78bf908a0..27be270f6602 100644 ---- a/setoolsgui/apol/ibpkeyconquery.py -+++ b/setoolsgui/apol/ibpkeyconquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QProgressDialog - from setools import IbpkeyconQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py -index 526f3074e143..a57c232ccc3e 100644 ---- a/setoolsgui/apol/infoflow.py -+++ b/setoolsgui/apol/infoflow.py -@@ -9,9 +9,9 @@ import copy - from collections import defaultdict - from contextlib import suppress - --from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ -+from PyQt6.QtCore import pyqtSignal, Qt, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \ - QTreeWidgetItem - from setools import InfoFlowAnalysis - from setools.exception import UnmappedClass, UnmappedPermission -diff --git a/setoolsgui/apol/initsidquery.py b/setoolsgui/apol/initsidquery.py -index d01f87130925..f84e4c2260a9 100644 ---- a/setoolsgui/apol/initsidquery.py -+++ b/setoolsgui/apol/initsidquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import InitialSIDQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/mainwindow.py b/setoolsgui/apol/mainwindow.py -index dcbfb7590ef7..7dc3cd852820 100644 ---- a/setoolsgui/apol/mainwindow.py -+++ b/setoolsgui/apol/mainwindow.py -@@ -11,8 +11,8 @@ import json - from contextlib import suppress - - import pkg_resources --from PyQt5.QtCore import pyqtSlot, Qt, QProcess --from PyQt5.QtWidgets import QApplication, QFileDialog, QLineEdit, QMainWindow, QMessageBox -+from PyQt6.QtCore import pyqtSlot, Qt, QProcess -+from PyQt6.QtWidgets import QApplication, QFileDialog, QLineEdit, QMainWindow, QMessageBox - from setools import __version__, PermissionMap, SELinuxPolicy - - from ..widget import SEToolsWidget -@@ -26,7 +26,7 @@ from .summary import SummaryTab - - - BIN_SEARCH_PATHS = ("/usr/local/bin:/usr/bin:/bin") --POSSIBLE_ASSISTANT = ("assistant", "assistant-qt5") -+POSSIBLE_ASSISTANT = ("assistant", "assistant-qt6") - - - class ApolMainWindow(SEToolsWidget, QMainWindow): -@@ -666,7 +666,7 @@ class ApolMainWindow(SEToolsWidget, QMainWindow): - reply = QMessageBox.question( - self, "Qt Assistant Package Installed?", - "Failed to start QT Assistant program {}. " -- "This is typically in the assistant or qt5-assistant package. " -+ "This is typically in the assistant or qt6-assistant package. " - "Choose location of Qt Assistant executable?".format( - self.config.assistant), - QMessageBox.StandardButton.Yes | QMessageBox.StandardButton.No) -diff --git a/setoolsgui/apol/mlsrulequery.py b/setoolsgui/apol/mlsrulequery.py -index bb554ade6657..ec0a20955ed8 100644 ---- a/setoolsgui/apol/mlsrulequery.py -+++ b/setoolsgui/apol/mlsrulequery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import MLSRuleQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/netifconquery.py b/setoolsgui/apol/netifconquery.py -index 4cf3de1a9f5c..3c828edb26c6 100644 ---- a/setoolsgui/apol/netifconquery.py -+++ b/setoolsgui/apol/netifconquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import NetifconQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/nodeconquery.py b/setoolsgui/apol/nodeconquery.py -index 81a33a794c05..dddfa069b9ad 100644 ---- a/setoolsgui/apol/nodeconquery.py -+++ b/setoolsgui/apol/nodeconquery.py -@@ -8,9 +8,9 @@ import sys - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import NodeconQuery, NodeconIPVersion - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/objclassquery.py b/setoolsgui/apol/objclassquery.py -index 23c8188e8bbd..4f0355dd3176 100644 ---- a/setoolsgui/apol/objclassquery.py -+++ b/setoolsgui/apol/objclassquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import ObjClassQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/permmapedit.py b/setoolsgui/apol/permmapedit.py -index d1e0b01ce854..ee01917a7bc5 100644 ---- a/setoolsgui/apol/permmapedit.py -+++ b/setoolsgui/apol/permmapedit.py -@@ -6,9 +6,9 @@ - import logging - import copy - --from PyQt5.QtCore import pyqtSignal, pyqtSlot, Qt --from PyQt5.QtGui import QPalette --from PyQt5.QtWidgets import QDialog, QFrame, QWidget -+from PyQt6.QtCore import pyqtSignal, pyqtSlot, Qt -+from PyQt6.QtGui import QPalette -+from PyQt6.QtWidgets import QDialog, QFrame, QWidget - - from ..models import SEToolsListModel - from ..widget import SEToolsWidget -diff --git a/setoolsgui/apol/portconquery.py b/setoolsgui/apol/portconquery.py -index de0a16567f1c..2afdd16e9f9c 100644 ---- a/setoolsgui/apol/portconquery.py -+++ b/setoolsgui/apol/portconquery.py -@@ -8,9 +8,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import PortconQuery, PortconProtocol - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/queryupdater.py b/setoolsgui/apol/queryupdater.py -index 9b6c155caa0a..07dc21a7d83d 100644 ---- a/setoolsgui/apol/queryupdater.py -+++ b/setoolsgui/apol/queryupdater.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import pyqtSignal, QObject, QThread -+from PyQt6.QtCore import pyqtSignal, QObject, QThread - - - class QueryResultsUpdater(QObject): -diff --git a/setoolsgui/apol/rbacrulequery.py b/setoolsgui/apol/rbacrulequery.py -index 4749d324d858..505a1858d015 100644 ---- a/setoolsgui/apol/rbacrulequery.py -+++ b/setoolsgui/apol/rbacrulequery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import RBACRuleQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/rolequery.py b/setoolsgui/apol/rolequery.py -index e75614d9a992..bd1a02a1d614 100644 ---- a/setoolsgui/apol/rolequery.py -+++ b/setoolsgui/apol/rolequery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import RoleQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/sensitivityquery.py b/setoolsgui/apol/sensitivityquery.py -index c8a27891ae97..aac7e2971b6d 100644 ---- a/setoolsgui/apol/sensitivityquery.py -+++ b/setoolsgui/apol/sensitivityquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import SensitivityQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/summary.py b/setoolsgui/apol/summary.py -index 1aeb2b303bd6..32b6c5fcfbe5 100644 ---- a/setoolsgui/apol/summary.py -+++ b/setoolsgui/apol/summary.py -@@ -7,9 +7,9 @@ - - import logging - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import MLSRuleQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/terulequery.py b/setoolsgui/apol/terulequery.py -index 7c99469edc87..4aba54cc59d0 100644 ---- a/setoolsgui/apol/terulequery.py -+++ b/setoolsgui/apol/terulequery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import TERuleQuery, xperm_str_to_tuple_ranges - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/typeattrquery.py b/setoolsgui/apol/typeattrquery.py -index 67a087a7e3f0..f76de94e93d7 100644 ---- a/setoolsgui/apol/typeattrquery.py -+++ b/setoolsgui/apol/typeattrquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import TypeAttributeQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/typequery.py b/setoolsgui/apol/typequery.py -index a22e3547cd16..4859364576e4 100644 ---- a/setoolsgui/apol/typequery.py -+++ b/setoolsgui/apol/typequery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import TypeQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/userquery.py b/setoolsgui/apol/userquery.py -index 19ffb03c2975..6200ddcb8398 100644 ---- a/setoolsgui/apol/userquery.py -+++ b/setoolsgui/apol/userquery.py -@@ -7,9 +7,9 @@ - import logging - from contextlib import suppress - --from PyQt5.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread --from PyQt5.QtGui import QPalette, QTextCursor --from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog -+from PyQt6.QtCore import Qt, QSortFilterProxyModel, QStringListModel, QThread -+from PyQt6.QtGui import QPalette, QTextCursor -+from PyQt6.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog - from setools import UserQuery - - from ..logtosignal import LogHandlerToSignal -diff --git a/setoolsgui/apol/workspace.py b/setoolsgui/apol/workspace.py -index 2b4229224b85..8db9d1478d4d 100644 ---- a/setoolsgui/apol/workspace.py -+++ b/setoolsgui/apol/workspace.py -@@ -9,7 +9,7 @@ import logging - import setools - - --from PyQt5.QtCore import Qt, QItemSelectionModel -+from PyQt6.QtCore import Qt, QItemSelectionModel - - - def save_checkboxes(tab, settings, checkboxes): -diff --git a/setoolsgui/boolmodel.py b/setoolsgui/boolmodel.py -index c331fdd5057d..a1a733987258 100644 ---- a/setoolsgui/boolmodel.py -+++ b/setoolsgui/boolmodel.py -@@ -3,8 +3,8 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QPalette, QTextCursor -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QPalette, QTextCursor - - from .details import DetailsPopup - from .models import SEToolsTableModel -diff --git a/setoolsgui/boundsmodel.py b/setoolsgui/boundsmodel.py -index c7ed1e7c227f..fdc1462b0a9b 100644 ---- a/setoolsgui/boundsmodel.py -+++ b/setoolsgui/boundsmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/commonmodel.py b/setoolsgui/commonmodel.py -index 2ceb57f4f0a3..a5c656deac15 100644 ---- a/setoolsgui/commonmodel.py -+++ b/setoolsgui/commonmodel.py -@@ -3,8 +3,8 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QPalette, QTextCursor -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QPalette, QTextCursor - - from setools.exception import NoCommon - -diff --git a/setoolsgui/constraintmodel.py b/setoolsgui/constraintmodel.py -index d295f28f208b..2ae8dc5ba025 100644 ---- a/setoolsgui/constraintmodel.py -+++ b/setoolsgui/constraintmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - from setools.exception import ConstraintUseError - - from .models import SEToolsTableModel -diff --git a/setoolsgui/defaultmodel.py b/setoolsgui/defaultmodel.py -index 3a699c49ce8c..fe29b3f3179b 100644 ---- a/setoolsgui/defaultmodel.py -+++ b/setoolsgui/defaultmodel.py -@@ -5,7 +5,7 @@ - # - from contextlib import suppress - --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/details.py b/setoolsgui/details.py -index 8d4882cd6a1e..1cbf6c05590c 100644 ---- a/setoolsgui/details.py -+++ b/setoolsgui/details.py -@@ -5,8 +5,8 @@ - # - import logging - --from PyQt5.QtGui import QFont, QTextCursor --from PyQt5.QtWidgets import QDialog -+from PyQt6.QtGui import QFont, QTextCursor -+from PyQt6.QtWidgets import QDialog - - from .widget import SEToolsWidget - -diff --git a/setoolsgui/fsusemodel.py b/setoolsgui/fsusemodel.py -index bc100784c490..327a8653d1b2 100644 ---- a/setoolsgui/fsusemodel.py -+++ b/setoolsgui/fsusemodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/genfsconmodel.py b/setoolsgui/genfsconmodel.py -index 1e50d929446a..b3429c81d536 100644 ---- a/setoolsgui/genfsconmodel.py -+++ b/setoolsgui/genfsconmodel.py -@@ -5,7 +5,7 @@ - # - import stat - --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/getdetailslist.py b/setoolsgui/getdetailslist.py -index df7149dda0f2..e4e39194456c 100644 ---- a/setoolsgui/getdetailslist.py -+++ b/setoolsgui/getdetailslist.py -@@ -3,8 +3,8 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtGui import QCursor --from PyQt5.QtWidgets import QAction, QListView, QMenu -+from PyQt6.QtGui import QCursor, QAction -+from PyQt6.QtWidgets import QListView, QMenu - - - class GetDetailsListView(QListView): -diff --git a/setoolsgui/ibendportconmodel.py b/setoolsgui/ibendportconmodel.py -index 37b7a8d74948..49780736b90f 100644 ---- a/setoolsgui/ibendportconmodel.py -+++ b/setoolsgui/ibendportconmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/ibpkeyconmodel.py b/setoolsgui/ibpkeyconmodel.py -index 160425504521..1a339b90110b 100644 ---- a/setoolsgui/ibpkeyconmodel.py -+++ b/setoolsgui/ibpkeyconmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/initsidmodel.py b/setoolsgui/initsidmodel.py -index 9ffb408024fd..04e8a34f931e 100644 ---- a/setoolsgui/initsidmodel.py -+++ b/setoolsgui/initsidmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/listview.py b/setoolsgui/listview.py -index e803975c52c6..ff42bf0f8c57 100644 ---- a/setoolsgui/listview.py -+++ b/setoolsgui/listview.py -@@ -6,9 +6,9 @@ - import logging - from collections import defaultdict - --from PyQt5.QtCore import Qt, QItemSelectionModel --from PyQt5.QtGui import QKeySequence --from PyQt5.QtWidgets import QAbstractItemView, QListView -+from PyQt6.QtCore import Qt, QItemSelectionModel -+from PyQt6.QtGui import QKeySequence -+from PyQt6.QtWidgets import QAbstractItemView, QListView - - - class SEToolsListView(QListView): -diff --git a/setoolsgui/logtosignal.py b/setoolsgui/logtosignal.py -index 7678f0992ce6..5bfab937ecc6 100644 ---- a/setoolsgui/logtosignal.py -+++ b/setoolsgui/logtosignal.py -@@ -5,7 +5,7 @@ - # - - from logging import Formatter, Handler, INFO --from PyQt5.QtCore import pyqtSignal, QObject -+from PyQt6.QtCore import pyqtSignal, QObject - - - class LogHandlerToSignal(Handler, QObject): -diff --git a/setoolsgui/mlsmodel.py b/setoolsgui/mlsmodel.py -index 147378ef585a..a0bfb3709d57 100644 ---- a/setoolsgui/mlsmodel.py -+++ b/setoolsgui/mlsmodel.py -@@ -3,8 +3,8 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QPalette, QTextCursor -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QPalette, QTextCursor - - from .details import DetailsPopup - from .models import SEToolsTableModel -diff --git a/setoolsgui/mlsrulemodel.py b/setoolsgui/mlsrulemodel.py -index 54ad4c216c72..349900ef36d2 100644 ---- a/setoolsgui/mlsrulemodel.py -+++ b/setoolsgui/mlsrulemodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/models.py b/setoolsgui/models.py -index dd864e932fbc..0a19c9b26f1e 100644 ---- a/setoolsgui/models.py -+++ b/setoolsgui/models.py -@@ -7,7 +7,7 @@ import logging - from contextlib import suppress - from typing import List - --from PyQt5.QtCore import QAbstractListModel, QItemSelectionModel, QAbstractTableModel, \ -+from PyQt6.QtCore import QAbstractListModel, QItemSelectionModel, QAbstractTableModel, \ - QModelIndex, QStringListModel, Qt - from setools.exception import NoCommon - -diff --git a/setoolsgui/netifconmodel.py b/setoolsgui/netifconmodel.py -index 54659203e7e5..d9aa87bd0dea 100644 ---- a/setoolsgui/netifconmodel.py -+++ b/setoolsgui/netifconmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/nodeconmodel.py b/setoolsgui/nodeconmodel.py -index f8055fca194d..9bbb426a71aa 100644 ---- a/setoolsgui/nodeconmodel.py -+++ b/setoolsgui/nodeconmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/objclassmodel.py b/setoolsgui/objclassmodel.py -index ff1641f8cc3e..d67d45c12fd4 100644 ---- a/setoolsgui/objclassmodel.py -+++ b/setoolsgui/objclassmodel.py -@@ -5,8 +5,8 @@ - # - from itertools import chain - --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QPalette, QTextCursor -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QPalette, QTextCursor - - from setools.exception import NoCommon - -diff --git a/setoolsgui/portconmodel.py b/setoolsgui/portconmodel.py -index 1c3de4494af9..5eb3b9327d19 100644 ---- a/setoolsgui/portconmodel.py -+++ b/setoolsgui/portconmodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - - from .models import SEToolsTableModel - -diff --git a/setoolsgui/rbacrulemodel.py b/setoolsgui/rbacrulemodel.py -index 84d2ff09e4fc..c97cf36b0a3a 100644 ---- a/setoolsgui/rbacrulemodel.py -+++ b/setoolsgui/rbacrulemodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - from setools.exception import RuleUseError - - from .models import SEToolsTableModel -diff --git a/setoolsgui/rolemodel.py b/setoolsgui/rolemodel.py -index 2dd7fe64d37e..dc4852225bdb 100644 ---- a/setoolsgui/rolemodel.py -+++ b/setoolsgui/rolemodel.py -@@ -3,8 +3,8 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QPalette, QTextCursor -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QPalette, QTextCursor - - from setools.exception import MLSDisabled - -diff --git a/setoolsgui/tableview.py b/setoolsgui/tableview.py -index 9ba49aa50fa3..71174008f85d 100644 ---- a/setoolsgui/tableview.py -+++ b/setoolsgui/tableview.py -@@ -5,9 +5,9 @@ - # - import csv - --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QKeySequence, QCursor --from PyQt5.QtWidgets import QAction, QApplication, QFileDialog, QMenu, QTableView -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QAction, QKeySequence, QCursor -+from PyQt6.QtWidgets import QApplication, QFileDialog, QMenu, QTableView - - - class SEToolsTableView(QTableView): -diff --git a/setoolsgui/terulemodel.py b/setoolsgui/terulemodel.py -index 53b61a06d152..ac1b32d76ec4 100644 ---- a/setoolsgui/terulemodel.py -+++ b/setoolsgui/terulemodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt -+from PyQt6.QtCore import Qt - from setools.exception import RuleNotConditional, RuleUseError - - from .models import SEToolsTableModel -diff --git a/setoolsgui/treeview.py b/setoolsgui/treeview.py -index a8f6fb4caef5..bf6d63d2b92b 100644 ---- a/setoolsgui/treeview.py -+++ b/setoolsgui/treeview.py -@@ -3,9 +3,9 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt, QModelIndex --from PyQt5.QtGui import QKeySequence, QCursor --from PyQt5.QtWidgets import QAction, QApplication, QFileDialog, QMenu, QTreeWidget, \ -+from PyQt6.QtCore import Qt, QModelIndex -+from PyQt6.QtGui import QAction, QKeySequence, QCursor -+from PyQt6.QtWidgets import QApplication, QFileDialog, QMenu, QTreeWidget, \ - QTreeWidgetItemIterator - - -diff --git a/setoolsgui/typeattrmodel.py b/setoolsgui/typeattrmodel.py -index 0b7c7ffe65a5..ede73228e16a 100644 ---- a/setoolsgui/typeattrmodel.py -+++ b/setoolsgui/typeattrmodel.py -@@ -3,8 +3,8 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QPalette, QTextCursor -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QPalette, QTextCursor - - from setools.exception import MLSDisabled - -diff --git a/setoolsgui/typemodel.py b/setoolsgui/typemodel.py -index 037996b96a8c..f25737169762 100644 ---- a/setoolsgui/typemodel.py -+++ b/setoolsgui/typemodel.py -@@ -3,8 +3,8 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt --from PyQt5.QtGui import QPalette, QTextCursor -+from PyQt6.QtCore import Qt -+from PyQt6.QtGui import QPalette, QTextCursor - - from setools.exception import MLSDisabled - -diff --git a/setoolsgui/usermodel.py b/setoolsgui/usermodel.py -index d5aca7bc11a0..4edb393a9d0e 100644 ---- a/setoolsgui/usermodel.py -+++ b/setoolsgui/usermodel.py -@@ -3,7 +3,7 @@ - # SPDX-License-Identifier: LGPL-2.1-only - # - # --from PyQt5.QtCore import Qt, QModelIndex -+from PyQt6.QtCore import Qt, QModelIndex - from setools.exception import MLSDisabled - - from .details import DetailsPopup -diff --git a/setoolsgui/widget.py b/setoolsgui/widget.py -index e236623cef96..b2866139564c 100644 ---- a/setoolsgui/widget.py -+++ b/setoolsgui/widget.py -@@ -7,7 +7,7 @@ import sys - from errno import ENOENT - - import pkg_resources --from PyQt5.uic import loadUi -+from PyQt6.uic import loadUi - - - # Stylesheet that adds a frame around QGroupBoxes --- -2.41.0 - diff --git a/setools.spec b/setools.spec index 172292a..0af99a9 100644 --- a/setools.spec +++ b/setools.spec @@ -2,8 +2,8 @@ %global selinux_ver 3.6 Name: setools -Version: 4.4.4 -Release: 2%{?dist} +Version: 4.5.0 +Release: 1%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only and LGPL-2.1-only @@ -11,7 +11,6 @@ URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam Source2: apol.desktop -Patch1: 0001-Use-PyQt6.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -144,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu Apr 18 2024 Petr Lautrbach - 4.5.0-1 +- SETools 4.5.0 + * Sat Jan 27 2024 Fedora Release Engineering - 4.4.4-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild diff --git a/sources b/sources index b64453e..fc75e62 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.4.4.tar.gz) = 3ee382df80c71dc4fd2cd9ba287dbd97aca0d90a67f170646cb02e585d3e2d3bcc4a6f03d404d5273e7ad34a86bee42649432c58d517ad44ff97c94d2f35b1ef +SHA512 (4.5.0.tar.gz) = 1a33569c7a2a03b373e8d975890eff60ac3acdbe2ea7fe961046f4e1b01f25c0c4135d6c92f00a73579f595a754e22287ad2e2894da9a6087554534b91df45ee From 5bd6294fcae8a83a5a9cdec1d7217d9ca7329d96 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 23 Apr 2024 16:04:02 +0200 Subject: [PATCH 62/78] SETools 4.5.1 - Correct annotations of NetworkX types to make it optional again. - Fix packaging issue for apol's style sheet (apol.css). --- .gitignore | 1 + setools.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 66ea469..ee1b313 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.4.3.tar.gz /4.4.4.tar.gz /4.5.0.tar.gz +/4.5.1.tar.gz diff --git a/setools.spec b/setools.spec index 0af99a9..5828a22 100644 --- a/setools.spec +++ b/setools.spec @@ -2,7 +2,7 @@ %global selinux_ver 3.6 Name: setools -Version: 4.5.0 +Version: 4.5.1 Release: 1%{?dist} Summary: Policy analysis tools for SELinux @@ -143,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu May 02 2024 Petr Lautrbach - 4.5.1-1 +- SETools 4.5.1 + * Thu Apr 18 2024 Petr Lautrbach - 4.5.0-1 - SETools 4.5.0 diff --git a/sources b/sources index fc75e62..fa454b3 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.5.0.tar.gz) = 1a33569c7a2a03b373e8d975890eff60ac3acdbe2ea7fe961046f4e1b01f25c0c4135d6c92f00a73579f595a754e22287ad2e2894da9a6087554534b91df45ee +SHA512 (4.5.1.tar.gz) = 6aef2e12495f980a0b71cf888170ee2f1de94785404b578d416d9720f2441ff3ef14c7ac434310e421c7fa885b8c8ef99aff6438ecfb5e8687d0ff4875127824 From 5f7bd5af0ad633ba950dc81c8fff64bdb03d41a9 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 2 May 2024 17:35:17 +0200 Subject: [PATCH 63/78] Fix License tag Fixes: SPDX license expressions in use, but an invalid boolean was found: and; when using SPDX expression the booleans must be in all caps. --- setools.spec | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/setools.spec b/setools.spec index 5828a22..44097a9 100644 --- a/setools.spec +++ b/setools.spec @@ -3,10 +3,10 @@ Name: setools Version: 4.5.1 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Policy analysis tools for SELinux -License: GPL-2.0-only and LGPL-2.1-only +License: GPL-2.0-only AND LGPL-2.1-only URL: https://github.com/SELinuxProject/setools/wiki Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz Source1: setools.pam @@ -143,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu May 02 2024 Petr Lautrbach - 4.5.1-2 +- Fix License tag + * Thu May 02 2024 Petr Lautrbach - 4.5.1-1 - SETools 4.5.1 From d301e66a010b6334ec7bc94f46c95e25cd5858c9 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 7 Jun 2024 09:51:16 +0200 Subject: [PATCH 64/78] Rebuilt for Python 3.13 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 44097a9..a909a88 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -143,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Fri Jun 07 2024 Python Maint - 4.5.1-3 +- Rebuilt for Python 3.13 + * Thu May 02 2024 Petr Lautrbach - 4.5.1-2 - Fix License tag From 94756e17ba771fdd37e635ced0a93dee74b540cb Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sat, 20 Jul 2024 05:18:18 +0000 Subject: [PATCH 65/78] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index a909a88..6bad39d 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -143,6 +143,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Jul 20 2024 Fedora Release Engineering - 4.5.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + * Fri Jun 07 2024 Python Maint - 4.5.1-3 - Rebuilt for Python 3.13 From 183b6ffe53b0338161e65a731de2edec9b2d3809 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 15 Aug 2024 11:43:12 +0200 Subject: [PATCH 66/78] Replace setup.py test with %pytest https://lists.fedoraproject.org/archives/list/python-devel@lists.fedoraproject.org/thread/YOC5527SRKNY2XG6CMS3KNGJ54O7SMXI/ --- setools.spec | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 6bad39d..bae93a9 100644 --- a/setools.spec +++ b/setools.spec @@ -101,7 +101,8 @@ Python modules designed to facilitate SELinux policy analysis. %check %if %{?_with_check:1}%{!?_with_check:0} -%{__python3} setup.py test +# dnf install python3-pytest python3-pytest-qt +%pytest %endif From cb92b5067a40c40928ad32edaea6be30aa3948a9 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Fri, 11 Oct 2024 09:05:31 +0200 Subject: [PATCH 67/78] pyprojectize spec file The old %py3_build and %py3_install macros (201x-era) as documented in [1] use a deprecated feature of setuptools. It is highly recommended to use the current %pyproject macros instead as documented in [2] and [3] sooner than it becomes necessary. [1]: https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_201x/ [2]: https://docs.fedoraproject.org/en-US/packaging-guidelines/Python/ [3]: https://src.fedoraproject.org/rpms/pyproject-rpm-macros/blob/rawhide/f/README.md https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/RFHSXAU2D4PEN2KHZCBUGP6MEGTUOUD2/ --- setools.spec | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/setools.spec b/setools.spec index bae93a9..ac08515 100644 --- a/setools.spec +++ b/setools.spec @@ -19,7 +19,6 @@ BuildRequires: libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver} BuildRequires: swig BuildRequires: python3-Cython BuildRequires: python3-devel -BuildRequires: python3-setuptools BuildRequires: libselinux-devel Requires: %{name}-console = %{version}-%{release} @@ -68,7 +67,6 @@ This package includes the following console tools: Summary: Policy analysis tools for SELinux License: LGPL-2.1-only Obsoletes: setools-libs < 4.0.0 -%{?python_provide:%python_provide python3-setools} Requires: python3-setuptools %description -n python3-setools @@ -92,12 +90,16 @@ Python modules designed to facilitate SELinux policy analysis. %autosetup -p 1 -S git -n setools-%{version} +%generate_buildrequires +%pyproject_buildrequires + + %build -%py3_build +%pyproject_wheel %install -%py3_install +%pyproject_install %check %if %{?_with_check:1}%{!?_with_check:0} From 658794f3e3ef731a9adb739b4669c75167486f24 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Sun, 19 Jan 2025 10:27:59 +0000 Subject: [PATCH 68/78] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index ac08515..1da82f3 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 4%{?dist} +Release: 5%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -146,6 +146,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sun Jan 19 2025 Fedora Release Engineering - 4.5.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + * Sat Jul 20 2024 Fedora Release Engineering - 4.5.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From f5e19e21ecbb28266d998912873ecd84941c4409 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Tue, 1 Apr 2025 14:48:12 +0200 Subject: [PATCH 69/78] Drop redundant runtime requirement on python3-setuptools, dropped in setools 4.5.1 --- setools.spec | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/setools.spec b/setools.spec index 1da82f3..f714ba9 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 5%{?dist} +Release: 6%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -67,7 +67,6 @@ This package includes the following console tools: Summary: Policy analysis tools for SELinux License: LGPL-2.1-only Obsoletes: setools-libs < 4.0.0 -Requires: python3-setuptools %description -n python3-setools SETools is a collection of graphical tools, command-line tools, and @@ -146,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Tue Apr 01 2025 Miro Hrončok - 4.5.1-6 +- Drop redundant runtime requirement on python3-setuptools, dropped in setools 4.5.1 + * Sun Jan 19 2025 Fedora Release Engineering - 4.5.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 93d27ba219d8499da9c0c9adf0e4610c97b74af7 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Mon, 2 Jun 2025 20:49:32 +0200 Subject: [PATCH 70/78] Rebuilt for Python 3.14 --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index f714ba9..cebb22c 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 6%{?dist} +Release: 7%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -145,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Jun 02 2025 Python Maint - 4.5.1-7 +- Rebuilt for Python 3.14 + * Tue Apr 01 2025 Miro Hrončok - 4.5.1-6 - Drop redundant runtime requirement on python3-setuptools, dropped in setools 4.5.1 From 11ee438aa063b00bcc958846fa29efcc178a2e1b Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Sat, 5 Jul 2025 20:14:37 +0200 Subject: [PATCH 71/78] Rebuilt with SELinux userspace 3.9-rc2 release --- setools.spec | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/setools.spec b/setools.spec index cebb22c..3523e5c 100644 --- a/setools.spec +++ b/setools.spec @@ -1,9 +1,9 @@ -%global sepol_ver 3.6 -%global selinux_ver 3.6 +%global sepol_ver 3.9 +%global selinux_ver 3.9 Name: setools Version: 4.5.1 -Release: 7%{?dist} +Release: 8%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -145,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Sat Jul 05 2025 Petr Lautrbach - 4.5.1-8 +- Rebuilt with SELinux userspace 3.9-rc2 release + * Mon Jun 02 2025 Python Maint - 4.5.1-7 - Rebuilt for Python 3.14 From e93cfa7b72252fbcb0a71404c6bd11b1193be8fa Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 25 Jul 2025 18:10:39 +0000 Subject: [PATCH 72/78] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 3523e5c..54e24d7 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 8%{?dist} +Release: 9%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -145,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Fri Jul 25 2025 Fedora Release Engineering - 4.5.1-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild + * Sat Jul 05 2025 Petr Lautrbach - 4.5.1-8 - Rebuilt with SELinux userspace 3.9-rc2 release From 17706eb7801657c220598912658cec2db91ce010 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Mon, 4 Aug 2025 17:23:41 +0200 Subject: [PATCH 73/78] Drop redundant runtime requirement on python3-setuptools (correction) This is a fixup for f5e19e21ecbb28266d998912873ecd84941c4409 --- 148.patch | 28 ++++++++++++++++++++++++++++ setools.spec | 8 +++++++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 148.patch diff --git a/148.patch b/148.patch new file mode 100644 index 0000000..ce7848c --- /dev/null +++ b/148.patch @@ -0,0 +1,28 @@ +From 200369a8df5feb62a0fb2b795ca26439ad6fdad5 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Tue, 8 Apr 2025 11:22:47 +0200 +Subject: [PATCH] Remove redundant runtime requirement on setuptools +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The dependency was dropped in 99a1cf3b50cd8bf502b5070293c4d1bf792d1566 + +Signed-off-by: Miro Hrončok +--- + setup.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/setup.py b/setup.py +index b2245ac7..6e83f8e7 100644 +--- a/setup.py ++++ b/setup.py +@@ -97,7 +97,7 @@ + # setup also requires libsepol and libselinux + # C libraries and headers to compile. + setup_requires=['setuptools', 'Cython>=0.29.14'], +- install_requires=['setuptools'], ++ install_requires=[], + extras_require={ + "analysis": ["networkx>=2.6", "pygraphviz"], + "test": "tox" diff --git a/setools.spec b/setools.spec index 54e24d7..9349704 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 9%{?dist} +Release: 10%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -12,6 +12,9 @@ Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar Source1: setools.pam Source2: apol.desktop +# Remove redundant runtime requirement on setuptools +Patch: https://github.com/SELinuxProject/setools/pull/148.patch + Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git-core @@ -145,6 +148,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Aug 04 2025 Miro Hrončok - 4.5.1-10 +- Drop redundant runtime requirement on python3-setuptools (correction) + * Fri Jul 25 2025 Fedora Release Engineering - 4.5.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 1bd344a3eec0d7c7b1312843c5d0dd779efc0876 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 15 Aug 2025 15:17:29 +0200 Subject: [PATCH 74/78] Rebuilt for Python 3.14.0rc2 bytecode --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index 9349704..81b6685 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.5.1 -Release: 10%{?dist} +Release: 11%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -148,6 +148,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Fri Aug 15 2025 Python Maint - 4.5.1-11 +- Rebuilt for Python 3.14.0rc2 bytecode + * Mon Aug 04 2025 Miro Hrončok - 4.5.1-10 - Drop redundant runtime requirement on python3-setuptools (correction) From e6c218363b79bd5be5dd417953e53b4e4d9733ae Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Tue, 9 Sep 2025 10:23:26 +0200 Subject: [PATCH 75/78] SETools 4.6.0 --- .gitignore | 1 + 148.patch | 28 ---------------------------- setools.spec | 10 +++++----- sources | 2 +- 4 files changed, 7 insertions(+), 34 deletions(-) delete mode 100644 148.patch diff --git a/.gitignore b/.gitignore index ee1b313..b838721 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,4 @@ setools-3.3.8-f1e5b20.tar.bz2 /4.4.4.tar.gz /4.5.0.tar.gz /4.5.1.tar.gz +/4.6.0.tar.gz diff --git a/148.patch b/148.patch deleted file mode 100644 index ce7848c..0000000 --- a/148.patch +++ /dev/null @@ -1,28 +0,0 @@ -From 200369a8df5feb62a0fb2b795ca26439ad6fdad5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= -Date: Tue, 8 Apr 2025 11:22:47 +0200 -Subject: [PATCH] Remove redundant runtime requirement on setuptools -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The dependency was dropped in 99a1cf3b50cd8bf502b5070293c4d1bf792d1566 - -Signed-off-by: Miro Hrončok ---- - setup.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setup.py b/setup.py -index b2245ac7..6e83f8e7 100644 ---- a/setup.py -+++ b/setup.py -@@ -97,7 +97,7 @@ - # setup also requires libsepol and libselinux - # C libraries and headers to compile. - setup_requires=['setuptools', 'Cython>=0.29.14'], -- install_requires=['setuptools'], -+ install_requires=[], - extras_require={ - "analysis": ["networkx>=2.6", "pygraphviz"], - "test": "tox" diff --git a/setools.spec b/setools.spec index 81b6685..f1ef726 100644 --- a/setools.spec +++ b/setools.spec @@ -2,8 +2,8 @@ %global selinux_ver 3.9 Name: setools -Version: 4.5.1 -Release: 11%{?dist} +Version: 4.6.0 +Release: 1%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -12,9 +12,6 @@ Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar Source1: setools.pam Source2: apol.desktop -# Remove redundant runtime requirement on setuptools -Patch: https://github.com/SELinuxProject/setools/pull/148.patch - Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git-core @@ -148,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Tue Sep 09 2025 Petr Lautrbach - 4.6.0-1 +- SETools 4.6.0 + * Fri Aug 15 2025 Python Maint - 4.5.1-11 - Rebuilt for Python 3.14.0rc2 bytecode diff --git a/sources b/sources index fa454b3..386b801 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (4.5.1.tar.gz) = 6aef2e12495f980a0b71cf888170ee2f1de94785404b578d416d9720f2441ff3ef14c7ac434310e421c7fa885b8c8ef99aff6438ecfb5e8687d0ff4875127824 +SHA512 (4.6.0.tar.gz) = 5b654f480f285717d15fa55f754fbd00cb030a0d8af8342d901e0514c4fdbacb7873e19420dab98540eaa481c687ff1e03423df893c0d1744eb4c53eb81afbf5 From ace76941968afb96e8b60e53810346a62a47c2e4 Mon Sep 17 00:00:00 2001 From: Python Maint Date: Fri, 19 Sep 2025 14:55:49 +0200 Subject: [PATCH 76/78] Rebuilt for Python 3.14.0rc3 bytecode --- setools.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/setools.spec b/setools.spec index f1ef726..3e45b9d 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.6.0 -Release: 1%{?dist} +Release: 2%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -145,6 +145,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Fri Sep 19 2025 Python Maint - 4.6.0-2 +- Rebuilt for Python 3.14.0rc3 bytecode + * Tue Sep 09 2025 Petr Lautrbach - 4.6.0-1 - SETools 4.6.0 From c0cc824e8f96e82071b6cf6d3070b0984a939347 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= Date: Thu, 2 Oct 2025 11:55:27 +0200 Subject: [PATCH 77/78] Drop redundant runtime requirement on python3-setuptools (redux) The patch was removed in https://src.fedoraproject.org/rpms/setools/c/e6c218363b79bd5be5dd417953e53b4e4d9733ae?branch=rawhide But we want to keep it. My upstream removal was reverted and later reapplied again, so update the the patch link to the latter one. --- 156.patch | 43 +++++++++++++++++++++++++++++++++++++++++++ setools.spec | 8 +++++++- 2 files changed, 50 insertions(+), 1 deletion(-) create mode 100644 156.patch diff --git a/156.patch b/156.patch new file mode 100644 index 0000000..ea56fc1 --- /dev/null +++ b/156.patch @@ -0,0 +1,43 @@ +From 39f7c88251925463c38f5000f6178fe70b484f44 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Tue, 8 Apr 2025 11:22:47 +0200 +Subject: [PATCH] Remove redundant runtime requirement on setuptools +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The dependency was dropped in 99a1cf3b50cd8bf502b5070293c4d1bf792d1566 + +Add a build time dependency for setup.py build_ext on Python 3.12+ +which no longer contains distutils. + +Signed-off-by: Miro Hrončok +--- + pyproject.toml | 2 +- + tox.ini | 1 + + 2 files changed, 2 insertions(+), 1 deletion(-) + +diff --git a/pyproject.toml b/pyproject.toml +index f7815a15..28ae121a 100644 +--- a/pyproject.toml ++++ b/pyproject.toml +@@ -39,7 +39,7 @@ classifiers = ["Development Status :: 5 - Production/Stable", + + requires-python=">=3.10" + # also requires libsepol.so and libselinux.so. +-dependencies = ["setuptools"] ++dependencies = [] + + optional-dependencies.analysis = ["networkx>=2.6", + "pygraphviz"] +diff --git a/tox.ini b/tox.ini +index 8fa6954f..b2a21d6b 100644 +--- a/tox.ini ++++ b/tox.ini +@@ -56,5 +56,6 @@ deps = networkx>=2.6 + pygraphviz + pytest-qt + pytest-xvfb ++ setuptools;python_version>="3.12" + commands_pre = {envpython} setup.py build_ext -i + commands = {envpython} -m pytest tests diff --git a/setools.spec b/setools.spec index 3e45b9d..e9ada82 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.6.0 -Release: 2%{?dist} +Release: 3%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -12,6 +12,9 @@ Source0: https://github.com/SELinuxProject/setools/archive/%{version}.tar Source1: setools.pam Source2: apol.desktop +# Remove redundant runtime requirement on setuptools +Patch: https://github.com/SELinuxProject/setools/pull/156.patch + Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison BuildRequires: glibc-devel, gcc, git-core @@ -145,6 +148,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Thu Oct 02 2025 Miro Hrončok - 4.6.0-3 +- Drop redundant runtime requirement on python3-setuptools (redux) + * Fri Sep 19 2025 Python Maint - 4.6.0-2 - Rebuilt for Python 3.14.0rc3 bytecode From 630d9a66668ca07f5a2743614748c2519c441f0d Mon Sep 17 00:00:00 2001 From: Veronika Syncakova Date: Mon, 1 Dec 2025 15:48:06 +0100 Subject: [PATCH 78/78] setools-4.6.0-4 - Fix seinfo argument parsing when policy path follows query options --- 157.patch | 42 ++++++++++++++++++++++++++++++++++++++++++ setools.spec | 7 ++++++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 157.patch diff --git a/157.patch b/157.patch new file mode 100644 index 0000000..24b6820 --- /dev/null +++ b/157.patch @@ -0,0 +1,42 @@ +From a33a2e394435316f3822e89ac9c2a9aabab17252 Mon Sep 17 00:00:00 2001 +From: Pranav Lawate +Date: Tue, 30 Sep 2025 22:29:10 +0530 +Subject: [PATCH] Fix seinfo argument parsing when policy path follows query + options + +Signed-off-by: Pranav Lawate +--- + seinfo | 13 +++++++++++++ + 1 file changed, 13 insertions(+) + +diff --git a/seinfo b/seinfo +index 99180c36..d04ec320 100755 +--- a/seinfo ++++ b/seinfo +@@ -12,6 +12,7 @@ import logging + import signal + import ipaddress + import warnings ++from pathlib import Path + from typing import Callable, List, Tuple + + +@@ -102,6 +103,18 @@ xen.add_argument("--devicetreecon", help="Print all devicetreecon statements.", + + args = parser.parse_args() + ++# Fix argument misparsing: when policy is None and a query option is a string, ++# check if the string is actually a policy file that is incorrectly consumed by the query option ++if not args.policy: ++ # Check all query options defined in the queries argument group ++ for action in queries._group_actions: ++ value = getattr(args, action.dest, None) ++ if isinstance(value, str) and Path(value).exists(): ++ # This query argument consumed the policy path - fix it ++ args.policy = value ++ setattr(args, action.dest, True) ++ break ++ + if args.debug: + logging.basicConfig(level=logging.DEBUG, + format='%(asctime)s|%(levelname)s|%(name)s|%(message)s') diff --git a/setools.spec b/setools.spec index e9ada82..e43d04a 100644 --- a/setools.spec +++ b/setools.spec @@ -3,7 +3,7 @@ Name: setools Version: 4.6.0 -Release: 3%{?dist} +Release: 4%{?dist} Summary: Policy analysis tools for SELinux License: GPL-2.0-only AND LGPL-2.1-only @@ -14,6 +14,8 @@ Source2: apol.desktop # Remove redundant runtime requirement on setuptools Patch: https://github.com/SELinuxProject/setools/pull/156.patch +# Fix seinfo argument parsing when policy path follows query +Patch: https://github.com/SELinuxProject/setools/pull/157.patch Obsoletes: setools < 4.0.0, setools-devel < 4.0.0 BuildRequires: flex, bison @@ -148,6 +150,9 @@ Python modules designed to facilitate SELinux policy analysis. %{_mandir}/ru/man1/apol* %changelog +* Mon Dec 01 2025 Veronika Syncakova - 4.6.0-4 +- Fix seinfo argument parsing when policy path follows query options + * Thu Oct 02 2025 Miro Hrončok - 4.6.0-3 - Drop redundant runtime requirement on python3-setuptools (redux)