* Thu Apr 09 2015 Petr Lautrbach <plautrba@redhat.com> 3.2.23-1

- setroubleshootd is set to be run as setroubleshoot user instead of root user
- several bugfixes

.gitignore

@@ -183,3 +183,4 @@ setroubleshoot-2.2.93.tar.gz
 /setroubleshoot-3.2.20.tar.gz
 /setroubleshoot-3.2.21.tar.gz
 /setroubleshoot-3.2.22.tar.gz
+/setroubleshoot-3.2.23.tar.gz

setroubleshoot.spec

@@ -1,7 +1,7 @@
 Summary: Helps troubleshoot SELinux problems
 Name: setroubleshoot
-Version: 3.2.22
+Version: 3.2.23
-Release: 2%{?dist}
+Release: 1%{?dist}
 License: GPLv2+
 Group: Applications/System
 URL: https://fedorahosted.org/setroubleshoot
@@ -11,6 +11,7 @@ URL: https://fedorahosted.org/setroubleshoot
 # ./autogen.sh
 # make dist
 Source0: %{name}-%{version}.tar.gz
+Source1: %{name}.tmpfiles
 BuildRequires: perl-XML-Parser
 BuildRequires: libcap-ng-devel
 BuildRequires: intltool gettext python
@@ -34,6 +35,7 @@ Requires: xdg-utils
 %define pkgvardatadir %{_localstatedir}/lib/%{name}
 %define pkgconfigdir  %{_sysconfdir}/%{name}
 %global pkgdatabase   %{pkgvardatadir}/setroubleshoot_database.xml
+%define username      setroubleshoot
 
 %description
 setroubleshoot GUI. Application that allows you to view setroubleshoot-server 
@@ -54,7 +56,8 @@ to user preference. The same tools can be run on existing log files.
 %{pkgpythondir}/browser.py*
 %{pkgpythondir}/gui_utils.py*
 %{_bindir}/seapplet
-%ghost /var/run/setroubleshoot
+%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
+%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
 
 %post
 touch --no-create %{_datadir}/icons/hicolor || :
@@ -84,48 +87,13 @@ rm -rf %{buildroot}
 make DESTDIR=%{buildroot} install
 desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop
 mkdir -p %{buildroot}%{pkgvardatadir}
+mkdir -p %{buildroot}%{_rundir}/setroubleshoot
 touch %{buildroot}%{pkgdatabase}
 touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
 rm -rf %{buildroot}/usr/share/doc/
+# create /run/setroubleshoot on boot
+install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
 
-# Register as an application to be visible in the software center
-#
-# NOTE: It would be *awesome* if this file was maintained by the upstream
-# project, translated and installed into the right place during `make install`.
-#
-# See http://www.freedesktop.org/software/appstream/docs/ for more details.
-#
-mkdir -p $RPM_BUILD_ROOT%{_datadir}/appdata
-cat > $RPM_BUILD_ROOT%{_datadir}/appdata/%{name}.appdata.xml <<EOF
-<?xml version="1.0" encoding="UTF-8"?>
-<!-- Copyright 2014 Ryan Lerch <rlerch@redhat.com> -->
-<!--
-BugReportURL: https://fedorahosted.org/setroubleshoot/ticket/14
-SentUpstream: 2014-07-02
--->
-<application>
-  <id type="desktop">setroubleshoot.desktop</id>
-  <metadata_license>CC0-1.0</metadata_license>
-  <summary>Troubleshoot SELinux policy and access denials</summary>
-  <description>
-    <p>
-      The SELinux Troubleshooter provides a graphical user interface to help
-      diagnose SELinux policy issues.
-      When Access Vector Cache (AVC) denial messages are logged by SELinux,
-      the SELinux Troubleshooter generates a desktop notification containing
-      information about the problem and allows the user to launch the
-      troubleshooting interface to help track down the cause of the denial.
-    </p>
-  </description>
-  <url type="homepage">https://fedorahosted.org/setroubleshoot/</url>
-  <screenshots>
-    <screenshot type="default">https://fedorahosted.org/setroubleshoot/raw-attachment/wiki/WikiStart/setroubleshoot.png</screenshot>
-  </screenshots>
-  <!-- FIXME: change this to an upstream email address for spec updates
-  <updatecontact>someone_who_cares@upstream_project.org</updatecontact>
-   -->
-</application>
-EOF
 
 %find_lang %{name}
 
@@ -147,6 +115,7 @@ Requires: pygobject2
 Requires: dbus
 Requires: dbus-python
 Requires: polkit
+Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
 
 %description server
 Provides tools to help diagnose SELinux problems. When AVC messages
@@ -154,6 +123,9 @@ are generated an alert can be generated that will give information
 about the problem and help track its resolution. Alerts can be configured
 to user preference. The same tools can be run on existing log files.
 
+%pre server
+getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
+
 %post server
 %systemd_post auditd.service
 
@@ -199,9 +171,9 @@ rm -rf %{buildroot}
 %{pkgdatadir}/updater.py*
 %config(noreplace) %{pkgconfigdir}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf
-%dir %{pkgvardatadir}
+%attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir}
-%ghost %attr(0600,root,root) %{pkgdatabase}
+%attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase}
-%ghost %attr(0644,root,root) %{pkgvardatadir}/email_alert_recipients
+%attr(0644,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
 %{_mandir}/man8/sealert.8.gz
 %{_mandir}/man8/sedispatch.8.gz
 %{_mandir}/man8/setroubleshootd.8.gz
@@ -212,6 +184,10 @@ rm -rf %{buildroot}
 %{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
 
 %changelog
+* Thu Apr 09 2015 Petr Lautrbach <plautrba@redhat.com> 3.2.23-1
+- setroubleshootd is set to be run as setroubleshoot user instead of root user
+- several bugfixes
+
 * Thu Mar 26 2015 Richard Hughes <rhughes@redhat.com> - 3.2.22-2
 - Add an AppData file for the software center
 

setroubleshoot.tmpfiles

@@ -0,0 +1 @@
+d /run/setroubleshoot 711 setroubleshoot setroubleshoot -

sources

@@ -1 +1,2 @@
 ed14365d69cc9469e190cbe8cb88377e  setroubleshoot-3.2.22.tar.gz
+5623b088d6847e79c00a2b1cabad9555  setroubleshoot-3.2.23.tar.gz