[ANN] SETools 3.3 Release

[Christopher J. PeBenito]

A new release of SETools is now available on the Tresys OSS site, from
http://oss.tresys.com. The primary changes this release are performance
enhancements, especially for source policies, the ability to select
which AV rules are compared (allow and dontaudit only, for example) in
sediff and sediffx, and a rewrite of libsefs with C++.  The complete
change log for this release follows.

SETools 3.3:

SETools:

  * SETools now has an external dependency upon libsqlite3 >= 3.2.  The
    supplied configure script will enforce this dependency.

  * pkg-config scripts are installed with the SETools libraries.

libsefs:

  * Rewrite of library to have proper namespaces and much more usable
    object-oriented design.

  * SWIG wrappers generated for this library if the appropriate
    configure flags are set.

findcon, searchcon:

  * Merge searchcon's functionality into findcon.  The searchcon tool
    has been removed from SETools.

indexcon, replcon:

  * Updated to use new libsefs design.

apol:

  * Updated to use new libsefs design.

  * Modified to use the SWIG Tcl interface rather than a custom C
    library.  apol is now a combination of a Tcl script (simply called
    'apol') and associated packages that are required at runtime.

  * Neverallow rules are only loaded and expanded when the user
    performs a search for them.  This will dramatically speed up
    initial policy load time.

awish:

  * awish is no longer needed and thus has been removed from SETools.

sediff, sediffx:

  * Instead of differentiating "AV rules" or "TE rules", user now
    specifies which particular rule to compare (allow, dontaudit,
    type_transition, etc.).

  * Neverallow rules are only loaded and expanded when the user
    performs a diff upon them.  This will dramatically speed up
    initial policy load time.


-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150