SETools 4 on Fedora 23
SETools now requires libsepol 2.5, which is not available on Fedora 23. The following instructions are no longer complete.
To use SETools 4 locally on Fedora 23, you'll need to install the following packages:
- bison
- flex
- gcc
- libsepol-devel
- libsepol-static
- libselinux-devel
- policycoreutils-python3
- python3-networkx
- swig
- bzip2-devel
- redhat-rpm-config
- python3-qt5 (if using GUI tools)
Fedora 23 has Python 2.7 and 3.4; change SETools to explicitly use Python 3:
$ patch -p1 < patches/explicit-python3.diff
At this point you should be able to run the unit tests, which will also compile the C portion of SETools:
$ python3 setup.py test
You'll get these errors due to a bug in libsepol-2.3:
======================================================================
FAIL: test_009_lookup_cat_not_assoc (tests.policyrep.mls.LevelTest)
Level lookup with category not associated with sensitivity.
----------------------------------------------------------------------
Traceback (most recent call last):
File "/root/setools/tests/policyrep/mls.py", line 489, in test_009_lookup_cat_not_assoc
self.assertRaises(InvalidLevel, level_factory, self.p.policy, "s0:c0,c4")
AssertionError: InvalidLevel not raised
======================================================================
FAIL: test_007_range_lookup_invalid_range_low (tests.policyrep.mls.RangeTest)
Range lookup with an invalid range (low).
----------------------------------------------------------------------
Traceback (most recent call last):
File "/root/setools/tests/policyrep/mls.py", line 730, in test_007_range_lookup_invalid_range_low
self.assertRaises(InvalidRange, range_factory, self.p.policy, "s0:c13-s2:c13")
AssertionError: InvalidRange not raised
======================================================================
FAIL: test_008_range_lookup_invalid_range_high (tests.policyrep.mls.RangeTest)
Range lookup with an invalid range (high).
----------------------------------------------------------------------
Traceback (most recent call last):
File "/root/setools/tests/policyrep/mls.py", line 735, in test_008_range_lookup_invalid_range_high
self.assertRaises(InvalidRange, range_factory, self.p.policy, "s0-s0:c13")
AssertionError: InvalidRange not raised
----------------------------------------------------------------------
These errors would only be hit if the user enters an invalid level or range, and only if it is invalid because a category is not associated with a level. Reference Policy associates all categories with all levels (Fedora's policy is based on Reference Policy), so these errors should never be hit except on heavily customized policies.
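The check that these three tests expect, as an added Python sketch (not SETools or libsepol code): a level is rejected when one of its categories is not associated with its sensitivity, and a range is rejected when either end is such a level. The policy data is constructed for illustration, and `expand_categories`, `parse_level` and `parse_range` are hypothetical names; only the exception names mirror the test output above.

```python
# Constructed policy data (assumption, not the SETools test policy):
# sensitivities in dominance order, and the categories that each
# `level` statement associates with them.
SENS_ORDER = ["s0", "s1", "s2"]
ASSOC = {
    "s0": {f"c{i}" for i in range(0, 4)},    # level s0:c0.c3;
    "s1": {f"c{i}" for i in range(0, 14)},   # level s1:c0.c13;
    "s2": {f"c{i}" for i in range(0, 14)},   # level s2:c0.c13;
}

class InvalidLevel(ValueError):
    """A category in the level is not associated with its sensitivity."""

class InvalidRange(ValueError):
    """An end of the range is invalid, or high does not dominate low."""

def expand_categories(spec):
    """Expand 'c0,c2.c4' into {'c0', 'c2', 'c3', 'c4'}."""
    cats = set()
    for part in filter(None, spec.split(",")):
        first, _, last = part.partition(".")
        lo, hi = int(first[1:]), int((last or first)[1:])
        cats.update(f"c{i}" for i in range(lo, hi + 1))
    return cats

def parse_level(text):
    sens, _, catspec = text.partition(":")
    if sens not in ASSOC:
        raise InvalidLevel(f"unknown sensitivity in {text!r}")
    cats = expand_categories(catspec)
    stray = cats - ASSOC[sens]
    if stray:  # the association check whose absence the failing tests expose
        raise InvalidLevel(f"{sorted(stray)} not associated with {sens}")
    return sens, frozenset(cats)

def parse_range(text):
    low_txt, _, high_txt = text.partition("-")
    try:
        low = parse_level(low_txt)
        high = parse_level(high_txt or low_txt)
    except InvalidLevel as exc:
        raise InvalidRange(str(exc)) from exc
    # High must dominate low: sensitivity not lower, categories a superset.
    if SENS_ORDER.index(high[0]) < SENS_ORDER.index(low[0]) or not low[1] <= high[1]:
        raise InvalidRange(f"high level does not dominate low in {text!r}")
    return low, high
```

With this constructed policy, the three strings from the failing tests (`s0:c0,c4`, `s0:c13-s2:c13`, `s0-s0:c13`) are all rejected, while a policy that associates every category with every level, as Reference Policy does, never reaches the `stray` branch.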
You should be able to use the command line tools locally now. If you installed python3-qt5, the GUI tools should also be usable.
$ ./seinfo
Statistics for policy file: /sys/fs/selinux/policy
Policy Version: 29 (MLS enabled, allow unknown permissions)
Classes: 92 Permissions: 439
Sensitivities: 1 Categories: 1024
Types: 4665 Attributes: 251
Users: 8 Roles: 14
Booleans: 306 Cond. Expr.: 357
Allow: 100024 Neverallow: 0
Auditallow: 153 Dontaudit: 7963
Type_trans: 67027 Type_change: 74
Type_member: 35 Range_trans: 5723
Role allow: 39 Role_trans: 418
Constraints: 38 Validatetrans: 0
MLS Constrain: 71 MLS Val. Tran: 0
Initial SIDs: 27 Fs_use: 28
Genfscon: 103 Portcon: 581
Netifcon: 0 Nodecon: 0
Permissives: 0 Polcap: 2
Defaults: 7 Typebounds: 0