Merge pull request #90 from pebenito/misc

Various updates.
2025-03-24 20:16:28 +00:00 · 2023-03-30 08:51:14 -04:00 · 2023-03-30 08:51:14 -04:00 · dee89793f8
commit dee89793f8
parent fbce6e8324 6df34dc44d
13 changed files with 655 additions and 398 deletions
--- a/.coveragerc
+++ b/.coveragerc
@ -1,11 +0,0 @@
 #coverage.py configuration
 [run]
 source = setools
 plugins = Cython.Coverage
 [report]
 exclude_lines =
    pragma: no cover
    def __repr__
    raise NotImplementedError
    return NotImplemented
--- a/.mypy.ini
+++ b/.mypy.ini
@ -1,19 +0,0 @@
 [mypy]
 no_implicit_optional = True
 pretty = True
 # NetworkX does not have annotations
 [mypy-networkx]
 ignore_missing_imports = True
 [mypy-networkx.*]
 ignore_missing_imports = True
 [mypy-PyQt5.*]
 ignore_missing_imports = True
 [mypy-sip]
 ignore_missing_imports = True
 [mypy-pkg_resources]
 ignore_missing_imports = True
--- a/.pylintrc
+++ b/.pylintrc
@ -1,332 +0,0 @@
 [MASTER]
 # Specify a configuration file.
 #rcfile=
 # Python code to execute, usually for sys.path manipulation such as
 # pygtk.require().
 #init-hook=
 # Add files or directories to the blacklist. They should be base names, not
 # paths.
 ignore=CVS
 # Pickle collected data for later comparisons.
 persistent=yes
 # List of plugins (as comma separated values of python modules names) to load,
 # usually to register additional checkers.
 load-plugins=
 # Use multiple processes to speed up Pylint.
 jobs=0
 # Allow loading of arbitrary C extensions. Extensions are imported into the
 # active Python interpreter and may run arbitrary code.
 unsafe-load-any-extension=no
 # A comma-separated list of package or module names from where C extensions may
 # be loaded. Extensions are loading into the active Python interpreter and may
 # run arbitrary code
 extension-pkg-whitelist=setools.policyrep
 [MESSAGES CONTROL]
 # Only show warnings with the listed confidence levels. Leave empty to show
 # all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED
 confidence=
 # Enable the message, report, category or checker with the given id(s). You can
 # either give multiple identifier separated by comma (,) or put this option
 # multiple time. See also the "--disable" option for examples.
 #enable=
 # Disable the message, report, category or checker with the given id(s). You
 # can either give multiple identifiers separated by comma (,) or put this
 # option multiple times (only on the command line, not in the configuration
 # file where it should appear only once).You can also use "--disable=all" to
 # disable everything first and then reenable specific checks. For example, if
 # you want to run only the similarities checker, you can use "--disable=all
 # --enable=similarities". If you want to run only the classes checker, but have
 # no Warning level messages displayed, use"--disable=all --enable=classes
 # --disable=W"
 # format: enforced by pep8 tool
 disable=I,logging-format-interpolation,format,similarities
 [REPORTS]
 # Set the output format. Available formats are text, parseable, colorized, msvs
 # (visual studio) and html. You can also give a reporter class, eg
 # mypackage.mymodule.MyReporterClass.
 output-format=text
 # Tells whether to display a full report or only the messages
 reports=no
 # Python expression which should return a note less than 10 (10 is the highest
 # note). You have access to the variables errors warning, statement which
 # respectively contain the number of errors / warnings messages and the total
 # number of statements analyzed. This is used by the global evaluation report
 # (RP0004).
 evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
 # Template used to display messages. This is a python new-style format string
 # used to format the message information. See doc for all details
 #msg-template=
 [BASIC]
 # List of builtins function names that should not be used, separated by a comma
 bad-functions=map,filter
 # Good variable names which should always be accepted, separated by a comma
 good-names=i,j,k,s,t,ex,fs,Run,_
 # Bad variable names which should always be refused, separated by a comma
 bad-names=foo,bar,baz,toto,tutu,tata
 # Colon-delimited sets of names that determine each other's naming style when
 # the name regexes allow several styles.
 name-group=
 # Include a hint for the correct naming format with invalid-name
 include-naming-hint=no
 # Regular expression matching correct constant names
 const-rgx=(([A-Z_][A-Z0-9_]*)|(__.*__))$
 # Regular expression matching correct method names
 method-rgx=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct function names
 function-rgx=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct class attribute names
 class-attribute-rgx=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
 # Naming hint for class attribute names
 class-attribute-name-hint=([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
 # Regular expression matching correct attribute names
 attr-rgx=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct class names
 class-rgx=[A-Z_][a-zA-Z0-9]+$
 # Regular expression matching correct module names
 module-rgx=(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
 # Regular expression matching correct inline iteration names
 inlinevar-rgx=[A-Za-z_][A-Za-z0-9_]*$
 # Regular expression matching correct argument names
 argument-rgx=[a-z_][a-z0-9_]{2,30}$
 # Regular expression matching correct variable names
 variable-rgx=[a-z_][a-z0-9_]{2,30}$
 # Regular expression which should only match function or class names that do
 # not require a docstring.
 no-docstring-rgx=^_
 # Minimum line length for functions/classes that require docstrings, shorter
 # ones are exempt.
 docstring-min-length=-1
 [ELIF]
 # Maximum number of nested blocks for function / method body
 max-nested-blocks=5
 [LOGGING]
 # Logging modules to check that the string format arguments are in logging
 # function parameter format
 logging-modules=logging
 [MISCELLANEOUS]
 # List of note tags to take in consideration, separated by a comma.
 notes=FIXME,XXX,TODO
 [SPELLING]
 # Spelling dictionary name. Available dictionaries: none. To make it working
 # install python-enchant package.
 spelling-dict=
 # List of comma separated words that should not be checked.
 spelling-ignore-words=
 # A path to a file that contains private dictionary; one word per line.
 spelling-private-dict-file=
 # Tells whether to store unknown words to indicated private dictionary in
 # --spelling-private-dict-file option instead of raising a message.
 spelling-store-unknown-words=no
 [FORMAT]
 # Maximum number of characters on a single line.
 max-line-length=100
 # Regexp for a line that is allowed to be longer than the limit.
 ignore-long-lines=^\s*(# )?<?https?://\S+>?$
 # Allow the body of an if to be on the same line as the test if there is no
 # else.
 single-line-if-stmt=no
 # Maximum number of lines in a module
 max-module-lines=1000
 # String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
 # tab).
 indent-string='    '
 # Number of spaces of indent required inside a hanging  or continued line.
 indent-after-paren=4
 # Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
 expected-line-ending-format=
 [TYPECHECK]
 # Tells whether missing members accessed in mixin class should be ignored. A
 # mixin class is detected if its name ends with "mixin" (case insensitive).
 ignore-mixin-members=yes
 # List of module names for which member attributes should not be checked
 # (useful for modules/projects where namespaces are manipulated during runtime
 # and thus existing member attributes cannot be deduced by static analysis. It
 # supports qualified module names, as well as Unix pattern matching.
 ignored-modules=
 # List of classes names for which member attributes should not be checked
 # (useful for classes with attributes dynamically set). This supports can work
 # with qualified names.
 ignored-classes=
 # List of members which are set dynamically and missed by pylint inference
 # system, and so shouldn't trigger E1101 when accessed. Python regular
 # expressions are accepted.
 generated-members=
 [SIMILARITIES]
 # Minimum lines number of a similarity.
 min-similarity-lines=4
 # Ignore comments when computing similarities.
 ignore-comments=yes
 # Ignore docstrings when computing similarities.
 ignore-docstrings=yes
 # Ignore imports when computing similarities.
 ignore-imports=no
 [VARIABLES]
 # Tells whether we should check for unused import in __init__ files.
 init-import=no
 # A regular expression matching the name of dummy variables (i.e. expectedly
 # not used).
 dummy-variables-rgx=_$|dummy
 # List of additional names supposed to be defined in builtins. Remember that
 # you should avoid to define new builtins when possible.
 additional-builtins=
 # List of strings which can identify a callback function by name. A callback
 # name must start or end with one of those strings.
 callbacks=cb_,_cb
 [IMPORTS]
 # Deprecated modules which should not be used, separated by a comma
 deprecated-modules=optparse
 # Create a graph of every (i.e. internal and external) dependencies in the
 # given file (report RP0402 must not be disabled)
 import-graph=
 # Create a graph of external dependencies in the given file (report RP0402 must
 # not be disabled)
 ext-import-graph=
 # Create a graph of internal dependencies in the given file (report RP0402 must
 # not be disabled)
 int-import-graph=
 [DESIGN]
 # Maximum number of arguments for function / method
 max-args=20
 # Argument names that match this expression will be ignored. Default to name
 # with leading underscore
 ignored-argument-names=_.*
 # Maximum number of locals for function / method body
 max-locals=20
 # Maximum number of return / yield for function / method body
 max-returns=6
 # Maximum number of branch for function / method body
 max-branches=15
 # Maximum number of statements in function / method body
 max-statements=50
 # Maximum number of parents for a class (see R0901).
 max-parents=7
 # Maximum number of attributes for a class (see R0902).
 max-attributes=20
 # Minimum number of public methods for a class (see R0903).
 min-public-methods=2
 # Maximum number of public methods for a class (see R0904).
 max-public-methods=20
 # Maximum number of boolean expressions in a if statement
 max-bool-expr=5
 [CLASSES]
 # List of method names used to declare (i.e. assign) instance attributes.
 defining-attr-methods=__init__,__new__,setUp
 # List of valid names for the first argument in a class method.
 valid-classmethod-first-arg=cls
 # List of valid names for the first argument in a metaclass class method.
 valid-metaclass-classmethod-first-arg=mcs
 # List of member names, which should be excluded from the protected access
 # warning.
 exclude-protected=_asdict,_fields,_replace,_source,_make
 [EXCEPTIONS]
 # Exceptions that will emit a warning when being caught. Defaults to
 # "Exception"
 overgeneral-exceptions=builtins.Exception
--- a/README.md
+++ b/README.md
@ -1,5 +1,4 @@
 # SETools: Policy analysis tools for SELinux
 https://github.com/SELinuxProject/setools/wiki
 ## Overview
@ -13,6 +12,7 @@ SETools uses the Python setuptools build system to build, and install.
 As such it contains a setup.py script that will install the tools.
 To run SETools command line tools, the following packages are required:
 * Python 3.6+
 * NetworkX 2.0+ (2.6+ for Python 3.9+)
 * setuptools
@ -21,17 +21,20 @@ To run SETools command line tools, the following packages are required:
 * libsepol 3.2+
 To run SETools graphical tools, the following packages are also required:
 * PyQt5
 * qt5-assistant
 * qt-devel (only if rebuilding the help file)
 To build SETools, the following development packages are required, in
 addition to the development packages from the above list:
 * gcc
 * cython 0.27+ (0.29.14+ for Python 3.8+)
 To run SETools unit tests, the following packages are required, in
 addition to the above dependencies:
 * pytest
 * tox (optional)
@ -41,23 +44,25 @@ SETools is included in most Linux distributions which support
 SELinux, such as Fedora, Red Hat Enterprise Linux, Gentoo,
 and Debian.
-Official releases of SETools may be freely downloaded from:
+Official releases of SETools may be freely downloaded from the
-
+[GitHub releases page](https://github.com/SELinuxProject/setools/releases).
 https://github.com/SELinuxProject/setools/releases
 SETools source code is maintained within a GitHub repository.
 From the command line do:
-```
+
 ```bash
  $ git clone https://github.com/SELinuxProject/setools.git
 ```
-You may also browse the GitHub repository at
+
-https://github.com/SELinuxProject/setools.  The master branch
+You may also browse the [GitHub repository](https://github.com/SELinuxProject/setools).
-has development code that may not be stable.  Each release series
+The master branch has development code that may not be stable.  Each release
-is considered stable, and has its own branch, e.g. "4.0" for all
+series is considered stable, and has its own branch, e.g. "4.0" for all
 4.0.* releases.  To checkout a stable branch, do:
-```
+
 ```bash
  $ git checkout 4.0
 ```
 Where `4.0` is the release series.  Each release will have a tag.
 ### Building SETools for Local Use
@ -65,19 +70,22 @@ Where `4.0` is the release series.  Each release will have a tag.
 To use SETools locally, without installing it onto the system,
 unpack the official distribution or check out the git repository,
 and perform the following at the root:
-```
+
 ```bash
  $ python setup.py build_ext -i
 ```
 This will compile the C portion of SETools locally, and then
-the tools can be ran from the current directory (e.g. ```./seinfo```).
+the tools can be ran from the current directory (e.g. `./seinfo`).
 ### Rebuilding the Apol Help File
 For convenience, a prebuilt copy of the apol help data file is included.
 To rebuild this file, the Qt5 development tools are required
-(particularly, the ```qcollectiongenerator``` tool).  At the root
+(particularly, the `qcollectiongenerator` tool).  At the root
 of the SETools sources, perform the following:
-```
+
 ```bash
  $ python setup.py build_qhc
 ```
@ -85,38 +93,40 @@ of the SETools sources, perform the following:
 Unpack the official distribution or check out the git repository,
 and perform the following at the root:
-```
+
 ```bash
  $ python setup.py build_ext
  $ python setup.py build
  $ python setup.py install
 ```
-This will put the applications in /usr/bin, data files in /usr/share/setools,
+
-and libraries in /usr/lib/pythonX.Y/site-packages/setools.
+This will put the applications in /usr/bin, data files in `/usr/share/setools`,
 and libraries in `/usr/lib/pythonX.Y/site-packages/setools`.
 ### Building SETools with a Local Libsepol and Libselinux
 At times, SETools requires a newer libsepol than is available from
 distributions.  To use a locally-built libsepol instead of the libsepol
 provided by the Linux distribution, build the libsepol sources and then
-set the USERSPACE_SRC environmental variable to the path to the root of
+set the `USERSPACE_SRC` environmental variable to the path to the root of
 SELinux userspace source tree. The libsepol and libselinux must already
 be compiled.
-```
+```bash
  $ export USERSPACE_SRC=/home/user/src/selinux
  $ python setup.py build_ext
  $ python setup.py build
  $ python setup.py install
 ```
-This feature assumes that the directory structure at $USERSPACE_SRC is the
+This feature assumes that the directory structure at `$USERSPACE_SRC` is the
 same as the SELinux userspace code checked out from GitHub.
 Since SETools is dynamically linked to libsepol and libselinux, you must
 specify the path to the libsepol/src and libselinux/src directories by
-using LD_LIBRARY_PATH so that the newer versions of the libraries are used.
+using `LD_LIBRARY_PATH` so that the newer versions of the libraries are used.
-```
+```bash
  $ export LD_LIBRARY_PATH="/home/user/src/selinux/libsepol/src:/home/user/src/selinux/libselinux/src"
  $ ./seinfo policy.31
  $ ./sesearch -A sysadm_t policy.31
@ -133,7 +143,7 @@ One goal for SETools is to provide confidence in the validity of the
 output for the tools.  The unit tests for SETools can be run with
 the following commands:
-```
+```bash
  $ python setup.py build_ext -i
  $ pytest tests
 ```
@ -169,15 +179,13 @@ do our best to maintain API stability.
 ### Reporting bugs
-Bugs can be reported in the SETools GitHub issues tracker:
+Bugs can be reported in the [SETools GitHub issues tracker](https://github.com/SELinuxProject/setools/issues).
 https://github.com/SELinuxProject/setools/issues
 ### Copyright license
 The intent is to allow free use of this source code.  All programs'
 source files are copyright protected and freely distributed under the
-GNU General Public License (see COPYING.GPL).  All library source
+GNU General Public License (see `COPYING.GPL`).  All library source
 files are copyright under the GNU Lesser General Public License (see
-COPYING.LGPL).  All files distributed with this package indicate the
+`COPYING.LGPL`).  All files distributed with this package indicate the
 appropriate license to use.  Absolutely no warranty is provided or implied.
--- a/11
+++ b/11
@ -7,6 +7,7 @@
 import sys
 import argparse
 import logging
 import warnings
 from PyQt5.QtWidgets import QApplication
 import setools
@ -30,13 +31,23 @@ if args.debug:
    console_handler.setLevel(logging.DEBUG)
    console_handler.setFormatter(
        logging.Formatter('%(asctime)s|%(levelname)s|%(name)s|%(message)s'))
    if not sys.warnoptions:
        warnings.simplefilter("default")
 elif args.verbose:
    console_handler.setLevel(logging.INFO)
    console_handler.setFormatter(logging.Formatter('%(message)s'))
    if not sys.warnoptions:
        warnings.simplefilter("default")
 else:
    console_handler.setLevel(logging.WARNING)
    console_handler.setFormatter(logging.Formatter('%(message)s'))
    if not sys.warnoptions:
        warnings.simplefilter("ignore")
 logging.getLogger().addHandler(console_handler)
 try:
--- a/pyproject.toml
+++ b/pyproject.toml
@ -2,6 +2,564 @@
 requires = ["setuptools", "Cython>=0.27"]
 build-backend = "setuptools.build_meta"
 #
 # Coverage config
 #
 [tool.coverage.run]
 source = ["setools"]
 plugins = ["Cython.Coverage"]
 [tool.coverage.report]
 exclude_lines = ["pragma: no cover",
                 "def __repr__",
                 "raise NotImplementedError",
                 "return NotImplemented"]
 #
 # Mypy config
 #
 [tool.mypy]
 no_implicit_optional = true
 pretty = true
 [[tool.mypy.overrides]]
 module = ['networkx.*',
          'PyQt5.*',
          'sip']
 ignore_missing_imports = true
 #
 # Pylint config
 #
 [tool.pylint.main]
 # Analyse import fallback blocks. This can be used to support both Python 2 and 3
 # compatible code, which means that the block might have code that exists only in
 # one or another interpreter, leading to false positives when analysed.
 # analyse-fallback-blocks =
 # Always return a 0 (non-error) status code, even if lint errors are found. This
 # is primarily useful in continuous integration scripts.
 # exit-zero =
 # A comma-separated list of package or module names from where C extensions may
 # be loaded. Extensions are loading into the active Python interpreter and may
 # run arbitrary code.
 # extension-pkg-allow-list =
 # A comma-separated list of package or module names from where C extensions may
 # be loaded. Extensions are loading into the active Python interpreter and may
 # run arbitrary code. (This is an alternative name to extension-pkg-allow-list
 # for backward compatibility.)
 extension-pkg-whitelist = ["setools.policyrep"]
 # Return non-zero exit code if any of these messages/categories are detected,
 # even if score is above --fail-under value. Syntax same as enable. Messages
 # specified are enabled, while categories only check already-enabled messages.
 # fail-on =
 # Specify a score threshold to be exceeded before program exits with error.
 fail-under = 10
 # Interpret the stdin as a python script, whose filename needs to be passed as
 # the module_or_package argument.
 # from-stdin =
 # Files or directories to be skipped. They should be base names, not paths.
 ignore = ["CVS"]
 # Add files or directories matching the regex patterns to the ignore-list. The
 # regex matches against paths and can be in Posix or Windows format.
 # ignore-paths =
 # Files or directories matching the regex patterns are skipped. The regex matches
 # against base names, not paths. The default value ignores Emacs file locks
 ignore-patterns = ["^\\.#"]
 # List of module names for which member attributes should not be checked (useful
 # for modules/projects where namespaces are manipulated during runtime and thus
 # existing member attributes cannot be deduced by static analysis). It supports
 # qualified module names, as well as Unix pattern matching.
 # ignored-modules =
 # Python code to execute, usually for sys.path manipulation such as
 # pygtk.require().
 # init-hook =
 # Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
 # number of processors available to use, and will cap the count on Windows to
 # avoid hangs.
 jobs = 0
 # Control the amount of potential inferred values when inferring a single object.
 # This can help the performance when dealing with large functions or complex,
 # nested conditions.
 limit-inference-results = 100
 # List of plugins (as comma separated values of python module names) to load,
 # usually to register additional checkers.
 # load-plugins =
 # Pickle collected data for later comparisons.
 persistent = true
 # Minimum Python version to use for version dependent checks. Will default to the
 # version used to run pylint.
 # py-version =
 # Discover python modules and packages in the file system subtree.
 # recursive =
 # When enabled, pylint would attempt to guess common misconfiguration and emit
 # user-friendly hints instead of false-positive error messages.
 suggestion-mode = true
 # Allow loading of arbitrary C extensions. Extensions are imported into the
 # active Python interpreter and may run arbitrary code.
 # unsafe-load-any-extension =
 [tool.pylint.basic]
 # Naming style matching correct argument names.
 argument-naming-style = "snake_case"
 # Regular expression matching correct argument names. Overrides argument-naming-
 # style. If left empty, argument names will be checked with the set naming style.
 argument-rgx = "[a-z_][a-z0-9_]{2,30}$"
 # Naming style matching correct attribute names.
 attr-naming-style = "snake_case"
 # Regular expression matching correct attribute names. Overrides attr-naming-
 # style. If left empty, attribute names will be checked with the set naming
 # style.
 attr-rgx = "[a-z_][a-z0-9_]{2,30}$"
 # Bad variable names which should always be refused, separated by a comma.
 bad-names = ["foo", "bar", "baz", "toto", "tutu", "tata"]
 # Bad variable names regexes, separated by a comma. If names match any regex,
 # they will always be refused
 # bad-names-rgxs =
 # Naming style matching correct class attribute names.
 class-attribute-naming-style = "any"
 # Regular expression matching correct class attribute names. Overrides class-
 # attribute-naming-style. If left empty, class attribute names will be checked
 # with the set naming style.
 class-attribute-rgx = "([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$"
 # Naming style matching correct class constant names.
 class-const-naming-style = "UPPER_CASE"
 # Regular expression matching correct class constant names. Overrides class-
 # const-naming-style. If left empty, class constant names will be checked with
 # the set naming style.
 # class-const-rgx =
 # Naming style matching correct class names.
 class-naming-style = "PascalCase"
 # Regular expression matching correct class names. Overrides class-naming-style.
 # If left empty, class names will be checked with the set naming style.
 class-rgx = "[A-Z_][a-zA-Z0-9]+$"
 # Naming style matching correct constant names.
 const-naming-style = "UPPER_CASE"
 # Regular expression matching correct constant names. Overrides const-naming-
 # style. If left empty, constant names will be checked with the set naming style.
 const-rgx = "(([A-Z_][A-Z0-9_]*)|(__.*__))$"
 # Minimum line length for functions/classes that require docstrings, shorter ones
 # are exempt.
 docstring-min-length = -1
 # Naming style matching correct function names.
 function-naming-style = "snake_case"
 # Regular expression matching correct function names. Overrides function-naming-
 # style. If left empty, function names will be checked with the set naming style.
 function-rgx = "[a-z_][a-z0-9_]{2,30}$"
 # Good variable names which should always be accepted, separated by a comma.
 good-names = ["i", "j", "k", "s", "t", "ex", "fs", "Run", "_"]
 # Good variable names regexes, separated by a comma. If names match any regex,
 # they will always be accepted
 # good-names-rgxs =
 # Include a hint for the correct naming format with invalid-name.
 # include-naming-hint =
 # Naming style matching correct inline iteration names.
 inlinevar-naming-style = "any"
 # Regular expression matching correct inline iteration names. Overrides
 # inlinevar-naming-style. If left empty, inline iteration names will be checked
 # with the set naming style.
 inlinevar-rgx = "[A-Za-z_][A-Za-z0-9_]*$"
 # Naming style matching correct method names.
 method-naming-style = "snake_case"
 # Regular expression matching correct method names. Overrides method-naming-
 # style. If left empty, method names will be checked with the set naming style.
 method-rgx = "[a-z_][a-z0-9_]{2,30}$"
 # Naming style matching correct module names.
 module-naming-style = "snake_case"
 # Regular expression matching correct module names. Overrides module-naming-
 # style. If left empty, module names will be checked with the set naming style.
 module-rgx = "(([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$"
 # Colon-delimited sets of names that determine each other's naming style when the
 # name regexes allow several styles.
 # name-group =
 # Regular expression which should only match function or class names that do not
 # require a docstring.
 no-docstring-rgx = "^_"
 # List of decorators that produce properties, such as abc.abstractproperty. Add
 # to this list to register other decorators that produce valid properties. These
 # decorators are taken in consideration only for invalid-name.
 property-classes = ["abc.abstractproperty"]
 # Regular expression matching correct type variable names. If left empty, type
 # variable names will be checked with the set naming style.
 # typevar-rgx =
 # Naming style matching correct variable names.
 variable-naming-style = "snake_case"
 # Regular expression matching correct variable names. Overrides variable-naming-
 # style. If left empty, variable names will be checked with the set naming style.
 variable-rgx = "[a-z_][a-z0-9_]{2,30}$"
 [tool.pylint.classes]
 # Warn about protected attribute access inside special methods
 # check-protected-access-in-special-methods =
 # List of method names used to declare (i.e. assign) instance attributes.
 defining-attr-methods = ["__init__", "__new__", "setUp"]
 # List of member names, which should be excluded from the protected access
 # warning.
 exclude-protected = ["_asdict", "_fields", "_replace", "_source", "_make"]
 # List of valid names for the first argument in a class method.
 valid-classmethod-first-arg = ["cls"]
 # List of valid names for the first argument in a metaclass class method.
 valid-metaclass-classmethod-first-arg = ["mcs"]
 [tool.pylint.design]
 # List of regular expressions of class ancestor names to ignore when counting
 # public methods (see R0903)
 # exclude-too-few-public-methods =
 # List of qualified class names to ignore when counting class parents (see R0901)
 # ignored-parents =
 # Maximum number of arguments for function / method.
 max-args = 20
 # Maximum number of attributes for a class (see R0902).
 max-attributes = 20
 # Maximum number of boolean expressions in an if statement (see R0916).
 max-bool-expr = 5
 # Maximum number of branch for function / method body.
 max-branches = 15
 # Maximum number of locals for function / method body.
 max-locals = 20
 # Maximum number of parents for a class (see R0901).
 max-parents = 7
 # Maximum number of public methods for a class (see R0904).
 max-public-methods = 20
 # Maximum number of return / yield for function / method body.
 max-returns = 6
 # Maximum number of statements in function / method body.
 max-statements = 50
 # Minimum number of public methods for a class (see R0903).
 min-public-methods = 2
 [tool.pylint.exceptions]
 # Exceptions that will emit a warning when caught.
 overgeneral-exceptions = ["builtins.Exception"]
 [tool.pylint.format]
 # Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
 expected-line-ending-format = "LF"
 # Regexp for a line that is allowed to be longer than the limit.
 ignore-long-lines = "^\\s*(# )?<?https?://\\S+>?$"
 # Number of spaces of indent required inside a hanging or continued line.
 indent-after-paren = 4
 # String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
 # tab).
 indent-string = "    "
 # Maximum number of characters on a single line.
 max-line-length = 100
 # Maximum number of lines in a module.
 max-module-lines = 1000
 # Allow the body of a class to be on the same line as the declaration if body
 # contains single statement.
 # single-line-class-stmt =
 # Allow the body of an if to be on the same line as the test if there is no else.
 # single-line-if-stmt =
 [tool.pylint.imports]
 # List of modules that can be imported at any level, not just the top level one.
 # allow-any-import-level =
 # Allow wildcard imports from modules that define __all__.
 # allow-wildcard-with-all =
 # Deprecated modules which should not be used, separated by a comma.
 deprecated-modules = ["optparse"]
 # Output a graph (.gv or any supported image format) of external dependencies to
 # the given file (report RP0402 must not be disabled).
 # ext-import-graph =
 # Output a graph (.gv or any supported image format) of all (i.e. internal and
 # external) dependencies to the given file (report RP0402 must not be disabled).
 # import-graph =
 # Output a graph (.gv or any supported image format) of internal dependencies to
 # the given file (report RP0402 must not be disabled).
 # int-import-graph =
 # Force import order to recognize a module as part of the standard compatibility
 # libraries.
 # known-standard-library =
 # Force import order to recognize a module as part of a third party library.
 known-third-party = ["enchant"]
 # Couples of modules and preferred modules, separated by a comma.
 # preferred-modules =
 [tool.pylint.logging]
 # The type of string formatting that logging methods do. `old` means using %
 # formatting, `new` is for `{}` formatting.
 logging-format-style = "new"
 # Logging modules to check that the string format arguments are in logging
 # function parameter format.
 logging-modules = ["logging"]
 [tool.pylint."messages control"]
 # Only show warnings with the listed confidence levels. Leave empty to show all.
 # Valid levels: HIGH, CONTROL_FLOW, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
 confidence = ["HIGH", "CONTROL_FLOW", "INFERENCE", "INFERENCE_FAILURE", "UNDEFINED"]
 # Disable the message, report, category or checker with the given id(s). You can
 # either give multiple identifiers separated by comma (,) or put this option
 # multiple times (only on the command line, not in the configuration file where
 # it should appear only once). You can also use "--disable=all" to disable
 # everything first and then re-enable specific checks. For example, if you want
 # to run only the similarities checker, you can use "--disable=all
 # --enable=similarities". If you want to run only the classes checker, but have
 # no Warning level messages displayed, use "--disable=all --enable=classes
 # --disable=W".
 disable = ["raw-checker-failed", "bad-inline-option", "locally-disabled", "file-ignored", "suppressed-message", "useless-suppression", "deprecated-pragma", "use-symbolic-message-instead", "c-extension-no-member", "logging-format-interpolation", "line-too-long", "too-many-lines", "trailing-whitespace", "missing-final-newline", "trailing-newlines", "bad-indentation", "unnecessary-semicolon", "multiple-statements", "superfluous-parens", "mixed-line-endings", "unexpected-line-ending-format", "duplicate-code"]
 # Enable the message, report, category or checker with the given id(s). You can
 # either give multiple identifier separated by comma (,) or put this option
 # multiple time (only on the command line, not in the configuration file where it
 # should appear only once). See also the "--disable" option for examples.
 # enable =
 [tool.pylint.miscellaneous]
 # List of note tags to take in consideration, separated by a comma.
 notes = ["FIXME", "XXX", "TODO"]
 # Regular expression of note tags to take in consideration.
 # notes-rgx =
 [tool.pylint.refactoring]
 # Maximum number of nested blocks for function / method body
 max-nested-blocks = 5
 # Complete name of functions that never returns. When checking for inconsistent-
 # return-statements if a never returning function is called then it will be
 # considered as an explicit return statement and no message will be printed.
 never-returning-functions = ["sys.exit", "argparse.parse_error"]
 [tool.pylint.reports]
 # Python expression which should return a score less than or equal to 10. You
 # have access to the variables 'fatal', 'error', 'warning', 'refactor',
 # 'convention', and 'info' which contain the number of messages in each category,
 # as well as 'statement' which is the total number of statements analyzed. This
 # score is used by the global evaluation report (RP0004).
 evaluation = "10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)"
 # Template used to display messages. This is a python new-style format string
 # used to format the message information. See doc for all details.
 # msg-template =
 # Set the output format. Available formats are text, parseable, colorized, json
 # and msvs (visual studio). You can also give a reporter class, e.g.
 # mypackage.mymodule.MyReporterClass.
 # output-format =
 # Tells whether to display a full report or only the messages.
 # reports =
 # Activate the evaluation score.
 score = true
 [tool.pylint.similarities]
 # Comments are removed from the similarity computation
 ignore-comments = true
 # Docstrings are removed from the similarity computation
 ignore-docstrings = true
 # Imports are removed from the similarity computation
 # ignore-imports =
 # Signatures are removed from the similarity computation
 ignore-signatures = true
 # Minimum lines number of a similarity.
 min-similarity-lines = 4
 [tool.pylint.spelling]
 # Limits count of emitted suggestions for spelling mistakes.
 max-spelling-suggestions = 4
 # Spelling dictionary name. Available dictionaries: none. To make it work,
 # install the 'python-enchant' package.
 # spelling-dict =
 # List of comma separated words that should be considered directives if they
 # appear at the beginning of a comment and should not be checked.
 spelling-ignore-comment-directives = "fmt: on,fmt: off,noqa:,noqa,nosec,isort:skip,mypy:"
 # List of comma separated words that should not be checked.
 # spelling-ignore-words =
 # A path to a file that contains the private dictionary; one word per line.
 # spelling-private-dict-file =
 # Tells whether to store unknown words to the private dictionary (see the
 # --spelling-private-dict-file option) instead of raising a message.
 # spelling-store-unknown-words =
 [tool.pylint.string]
 # This flag controls whether inconsistent-quotes generates a warning when the
 # character used as a quote delimiter is used inconsistently within a module.
 # check-quote-consistency =
 # This flag controls whether the implicit-str-concat should generate a warning on
 # implicit string concatenation in sequences defined over several lines.
 # check-str-concat-over-line-jumps =
 [tool.pylint.typecheck]
 # List of decorators that produce context managers, such as
 # contextlib.contextmanager. Add to this list to register other decorators that
 # produce valid context managers.
 contextmanager-decorators = ["contextlib.contextmanager"]
 # List of members which are set dynamically and missed by pylint inference
 # system, and so shouldn't trigger E1101 when accessed. Python regular
 # expressions are accepted.
 # generated-members =
 # Tells whether missing members accessed in mixin class should be ignored. A
 # class is considered mixin if its name matches the mixin-class-rgx option.
 # Tells whether to warn about missing members when the owner of the attribute is
 # inferred to be None.
 ignore-none = true
 # This flag controls whether pylint should warn about no-member and similar
 # checks whenever an opaque object is returned when inferring. The inference can
 # return multiple potential results while evaluating a Python object, but some
 # branches might not be evaluated, which results in partial inference. In that
 # case, it might be useful to still emit no-member and other checks for the rest
 # of the inferred objects.
 ignore-on-opaque-inference = true
 # List of symbolic message names to ignore for Mixin members.
 ignored-checks-for-mixins = ["no-member", "not-async-context-manager", "not-context-manager", "attribute-defined-outside-init"]
 # List of class names for which member attributes should not be checked (useful
 # for classes with dynamically set attributes). This supports the use of
 # qualified names.
 # ignored-classes =
 # Show a hint with possible names when a member name was not found. The aspect of
 # finding the hint is based on edit distance.
 missing-member-hint = true
 # The minimum edit distance a name should have in order to be considered a
 # similar match for a missing member name.
 missing-member-hint-distance = 1
 # The total number of similar names that should be taken in consideration when
 # showing a hint for a missing member.
 missing-member-max-choices = 1
 # Regex pattern to define which classes are considered mixins.
 mixin-class-rgx = ".*[Mm]ixin"
 # List of decorators that change the signature of a decorated function.
 # signature-mutators =
 [tool.pylint.variables]
 # List of additional names supposed to be defined in builtins. Remember that you
 # should avoid defining new builtins when possible.
 # additional-builtins =
 # Tells whether unused global variables should be treated as a violation.
 allow-global-unused-variables = true
 # List of names allowed to shadow builtins
 # allowed-redefined-builtins =
 # List of strings which can identify a callback function by name. A callback name
 # must start or end with one of those strings.
 callbacks = ["cb_", "_cb"]
 # A regular expression matching the name of dummy variables (i.e. expected to not
 # be used).
 dummy-variables-rgx = "_$|dummy"
 # Argument names that match this expression will be ignored. Default to name with
 # leading underscore.
 ignored-argument-names = "_.*"
 # Tells whether we should check for unused import in __init__ files.
 # init-import =
 # List of qualified module names which can have objects that can redefine
 # builtins.
 redefining-builtins-modules = ["six.moves", "past.builtins", "future.builtins", "builtins", "io"]
 #
 # Pytest config
 #
 [tool.pytest.ini_options]
 addopts = ["--import-mode=importlib",]
 pythonpath = "."
--- a/7
+++ b/7
@ -9,6 +9,7 @@ import argparse
 import sys
 import logging
 import signal
 import warnings
 signal.signal(signal.SIGPIPE, signal.SIG_DFL)
@ -26,10 +27,16 @@ args = parser.parse_args()
 if args.debug:
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 elif args.verbose:
    logging.basicConfig(level=logging.INFO, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 else:
    logging.basicConfig(level=logging.WARNING, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("ignore")
 try:
    p = setools.SELinuxPolicy(args.policy)
--- a/7
+++ b/7
@ -9,6 +9,7 @@ import argparse
 import sys
 import logging
 import signal
 import warnings
 from itertools import chain
 from contextlib import suppress
 from typing import List
@ -115,10 +116,16 @@ all_differences = not any((args.class_, args.common, args.type_, args.attribute,
 if args.debug:
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 elif args.verbose:
    logging.basicConfig(level=logging.INFO, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 else:
    logging.basicConfig(level=logging.WARNING, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("ignore")
 try:
    p1 = setools.SELinuxPolicy(args.POLICY1[0])
--- a/7
+++ b/7
@ -8,6 +8,7 @@ import sys
 import argparse
 import logging
 import signal
 import warnings
 import setools
@ -97,10 +98,16 @@ if args.target and not (args.shortest_path or args.all_paths):
 if args.debug:
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 elif args.verbose:
    logging.basicConfig(level=logging.INFO, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 else:
    logging.basicConfig(level=logging.WARNING, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("ignore")
 try:
    p = setools.SELinuxPolicy(args.policy)
--- a/7
+++ b/7
@ -11,6 +11,7 @@ import sys
 import logging
 import signal
 import ipaddress
 import warnings
 from typing import Callable, List, Tuple
@ -102,10 +103,16 @@ args = parser.parse_args()
 if args.debug:
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 elif args.verbose:
    logging.basicConfig(level=logging.INFO, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 else:
    logging.basicConfig(level=logging.WARNING, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("ignore")
 try:
    p = setools.SELinuxPolicy(args.policy)
--- a/7
+++ b/7
@ -9,6 +9,7 @@ import argparse
 import sys
 import logging
 import signal
 import warnings
 from typing import Dict, Optional
 signal.signal(signal.SIGPIPE, signal.SIG_DFL)
@ -66,10 +67,16 @@ if args.limit_flows < 0:
 if args.debug:
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 elif args.verbose:
    logging.basicConfig(level=logging.INFO, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 else:
    logging.basicConfig(level=logging.WARNING, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("ignore")
 booleans: Optional[Dict[str, bool]] = None
 if args.booleans == 'default':
--- a/7
+++ b/7
@ -9,6 +9,7 @@ import argparse
 import sys
 import logging
 import signal
 import warnings
 signal.signal(signal.SIGPIPE, signal.SIG_DFL)
@ -125,10 +126,16 @@ if not args.tertypes and not args.mlsrtypes and not args.rbacrtypes:
 if args.debug:
    logging.basicConfig(level=logging.DEBUG,
                        format='%(asctime)s|%(levelname)s|%(name)s|%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 elif args.verbose:
    logging.basicConfig(level=logging.INFO, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("default")
 else:
    logging.basicConfig(level=logging.WARNING, format='%(message)s')
    if not sys.warnoptions:
        warnings.simplefilter("ignore")
 try:
    p = setools.SELinuxPolicy(args.policy)
--- a/tox.ini
+++ b/tox.ini
@ -1,5 +1,5 @@
 [tox]
-minversion      = 1.4
+minversion      = 2.4
 envlist         = py3, pep8, lint, mypy
 [pycodestyle]
@ -14,7 +14,8 @@ commands        = pycodestyle setools/ setoolsgui/ tests/ seinfo seinfoflow sedt
 [testenv:coverage]
 setenv          = SETOOLS_COVERAGE = 1
 deps            = {[testenv]deps}
-                  coverage>=4.0
+                  coverage>=5.0
 extras          = toml
 commands_pre    = coverage --version
                  coverage erase
                  {envpython} setup.py build_ext -i
@ -26,12 +27,13 @@ deps            = {[testenv]deps}
                  pylint>=2.8.0
 commands_pre    = pylint --version
                  {envpython} setup.py build_ext -i
-commands        = pylint -E --rcfile .pylintrc setools tests seinfo seinfoflow sedta sesearch sediff sechecker
+commands        = pylint -E setools tests seinfo seinfoflow sedta sesearch sediff sechecker
                  # pylint can't see all members introduced by PyQt uic
-                  pylint -E --rcfile .pylintrc --disable=no-member,import-error setoolsgui apol
+                  pylint -E --disable=no-member,import-error setoolsgui apol
 [testenv:mypy]
 deps            = {[testenv]deps}
                  types-setuptools
                  mypy
 commands_pre    = mypy --version
 commands        = mypy -p setools
@ -47,11 +49,9 @@ commands        = mypy -p setools
 [testenv]
 passenv         = USERSPACE_SRC
 deps            = networkx>=2.0
-                  cython>=0.27
+                  cython>=0.29.14
-                  pytest
+                  pytest>=6.0
                  py36: dataclasses
                  py38: cython>=0.29.14
                  py39: networkx>=2.6
                  py39: cython>=0.29.14
 commands_pre    = {envpython} setup.py build_ext -i
 commands        = pytest tests