setroubleshoot-3.3.23-1
- browser: Check return value of Gdk.Screen().get_default() - Improve and unify error messages - setroubleshoot.util: Catch exceptions from sepolicy import - Add dpkg support - Do not refer to hardcoded selinux-policy rpm in signature - Make date/time format locale specific - Improve speed of plugin evaluation
This commit is contained in:
Vit Mojzis
parent
3242bcadb0
commit
9c9318679f
|
|
@ -207,3 +207,4 @@ setroubleshoot-2.2.93.tar.gz
|
|||
/setroubleshoot-3.3.20.tar.gz
|
||||
/setroubleshoot-3.3.21.tar.gz
|
||||
/setroubleshoot-3.3.22.tar.gz
|
||||
/setroubleshoot-3.3.23.tar.gz
|
||||
|
|
|
|||
|
|
@ -1,28 +0,0 @@
|
|||
From 2b40f9e254ee2514a5ca113620b6761c0a1d2ae6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Sat, 11 Jan 2020 10:19:25 +0100
|
||||
Subject: [PATCH] framework: sepolicy.info() returns a generator, not a list
|
||||
|
||||
Fixes:
|
||||
$ sealert -a ./short.log
|
||||
100% done'generator' object is not subscriptable
|
||||
---
|
||||
framework/src/setroubleshoot/audit_data.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/audit_data.py b/framework/src/setroubleshoot/audit_data.py
|
||||
index 66986a7adfb0..6f0e1e8166ac 100644
|
||||
--- a/framework/src/setroubleshoot/audit_data.py
|
||||
+++ b/framework/src/setroubleshoot/audit_data.py
|
||||
@@ -713,7 +713,7 @@ class AVC:
|
||||
types = wtypes
|
||||
for t in types:
|
||||
if t in all_attributes:
|
||||
- wtypes.extend(info(ATTRIBUTE, t)[0]["types"])
|
||||
+ wtypes.extend(next(info(ATTRIBUTE, t))["types"])
|
||||
|
||||
for t in wtypes:
|
||||
if t in all_types:
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,40 +0,0 @@
|
|||
From fc7aad6d9df91eba2445eac53e09372d844f5fd3 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Sat, 11 Jan 2020 20:34:22 +0100
|
||||
Subject: [PATCH] framework: Log plugin exception traceback when log level is
|
||||
DEBUG
|
||||
|
||||
Use the following setting to enable traceback logging when there's a 'Plugin
|
||||
Exception'.
|
||||
|
||||
/etc/setroubleshoot/setroubleshoot.conf:
|
||||
[sealert_log]
|
||||
level = debug
|
||||
---
|
||||
framework/src/setroubleshoot/analyze.py | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/analyze.py b/framework/src/setroubleshoot/analyze.py
|
||||
index e16a47a3791f..43b2484be353 100644
|
||||
--- a/framework/src/setroubleshoot/analyze.py
|
||||
+++ b/framework/src/setroubleshoot/analyze.py
|
||||
@@ -33,6 +33,7 @@ from gi.repository import GObject, GLib
|
||||
import os
|
||||
import time
|
||||
import threading
|
||||
+import traceback
|
||||
from stat import *
|
||||
import sys
|
||||
from functools import cmp_to_key
|
||||
@@ -213,6 +214,8 @@ class Analyze(object):
|
||||
except Exception as e:
|
||||
print(e, file=sys.stderr)
|
||||
syslog.syslog(syslog.LOG_ERR, "Plugin Exception %s " % plugin.analysis_id)
|
||||
+ (v1, v2, v3) = sys.exc_info()
|
||||
+ log_debug(join(traceback.format_tb(v3)))
|
||||
self.plugins.remove(plugin)
|
||||
|
||||
report_receiver.report_problem(siginfo)
|
||||
--
|
||||
2.25.1
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
|
|
@ -1,111 +0,0 @@
|
|||
From 0248b9fa3bb7399ca9cc4883fe42468924fd3353 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 21 Feb 2020 10:05:17 +0100
|
||||
Subject: [PATCH] Drop old unused files
|
||||
|
||||
---
|
||||
framework/gui/.cvsignore | 2 --
|
||||
framework/po/.cvsignore | 16 ----------------
|
||||
framework/src/.browse.py.swp | Bin 16384 -> 0 bytes
|
||||
framework/src/.cvsignore | 5 -----
|
||||
4 files changed, 23 deletions(-)
|
||||
delete mode 100644 framework/gui/.cvsignore
|
||||
delete mode 100644 framework/po/.cvsignore
|
||||
delete mode 100644 framework/src/.browse.py.swp
|
||||
delete mode 100644 framework/src/.cvsignore
|
||||
|
||||
diff --git a/framework/gui/.cvsignore b/framework/gui/.cvsignore
|
||||
deleted file mode 100644
|
||||
index 282522db0342..000000000000
|
||||
--- a/framework/gui/.cvsignore
|
||||
+++ /dev/null
|
||||
@@ -1,2 +0,0 @@
|
||||
-Makefile
|
||||
-Makefile.in
|
||||
diff --git a/framework/po/.cvsignore b/framework/po/.cvsignore
|
||||
deleted file mode 100644
|
||||
index 1c34a2cc0c8e..000000000000
|
||||
--- a/framework/po/.cvsignore
|
||||
+++ /dev/null
|
||||
@@ -1,16 +0,0 @@
|
||||
-*.gmo
|
||||
-*.mo
|
||||
-*.pot
|
||||
-.intltool-merge-cache
|
||||
-Makefile
|
||||
-Makefile.in
|
||||
-Makefile.in.in
|
||||
-POTFILES
|
||||
-cat-id-tbl.c
|
||||
-messages
|
||||
-missing
|
||||
-notexist
|
||||
-po2tbl.sed
|
||||
-po2tbl.sed.in
|
||||
-stamp-cat-id
|
||||
-stamp-it
|
||||
diff --git a/framework/src/.browse.py.swp b/framework/src/.browse.py.swp
|
||||
deleted file mode 100644
|
||||
index 72ee0a12d8c948e4f0d3fe6b513b63b357cbb712..0000000000000000000000000000000000000000
|
||||
GIT binary patch
|
||||
literal 0
|
||||
HcmV?d00001
|
||||
|
||||
literal 16384
|
||||
zcmeI3UyR&F9mj`;rcKj8X`g^14SRj?!p6I|m%CIE2efb@snVn(m$amRoLPHz*FCSj
|
||||
zwP$Z{0fFFwM_LqGBzUPB9zY15sf0kSD)kSdMZ6*U)~YI?K2Vh>K=7UMpRs*sZgUdi
|
||||
zD%rZv?%MwSe)F5({2%*zor|aMrN_-K!Ep;A5B%%WnO`2dg?#Blgb2@_$jiGOUSKnC
|
||||
z7(~KUznoyiTz?0pZ%Bjfh~rO$!KCN$Xcz>d-4EG_PlIry9ffwg7Y5Uao8#FI7V1lN
|
||||
z1nLOvDFPGGKYHg8veaGdNd1MzC+TgsUf7eVTB(je9f3Lmbp+}N)Dfs7P)DGSKplbi
|
||||
zX9UFfI`U1peqG}JrR4hqrSAjD`8~<^gQfe)Y5i44ppHNtfjR<p1nLOX5vU_jN1%>C
|
||||
z9f3Lmbp+}N?868!M?Ll@-<J!1JpWJE|9}55A#Z~}f>*)I;3e=2@N+N&3|s~)pa~Yh
|
||||
zVQ>)q1@8~M0=^C+a02}M2qC`(KLS_4ec%xI!_9>J09*zZcmy=TyN3yR9y|dq0}DI?
|
||||
zJ`O$xzI_uRe?3IVI{4L%gxmohzk!hN0tPOFJHP@s0G>Ta$Wved?gAz_41Rw-A-@Js
|
||||
zgBiF8+TaLy>w|<`1>XY<JOGY^cd#My3iu%qfPv3~1K@AiOnDY;0teXOGvJ?y@lU{0
|
||||
z;7K53eg$klXmZ%0*>^q9Xp-EOklTX!1CJZs7VXkc(};V0^UG^rShvofzO+V<(qljb
|
||||
zf_beS?zQ4uO`6$MqI8wIzA%jK#+vj~)bQL5?zwnf!=Y`u*y)(ff=_s(!-|4QXmcwZ
|
||||
z^o)+V)S?}8xkVS7Bui(G-0bY|4nF0LmJ;tS9dCD+mrVp`X(ju$tbP@o{%@h}!2hx{
|
||||
z<@18Ek`u9hryw%MYcZl&mN_ju@Pg3j4J`FTE2dXaK(Y`lkM+1`4rIW^43(g1_684j
|
||||
z9?k^>l4Eyk#Kxx0+%T~0kTU_nOeDSwv4Pky2hN6hpAt9D20kxma{GDrn6{)nO01n8
|
||||
zu|YnmEX{~-Ca%jo_rqXh#cmk!SBuKjwdMawWuZ7=I2UzQTTxAED_2&i>3y`EO&+>p
|
||||
zMpsv9V-RxgH%?@^+1b$I?uKUE^MdI-mO2HO$_|Cx$r;%tSo^Xv>k6??>T>2#sVb{N
|
||||
zcX*#N$FcBon(88Dvxw_QOEt^5Z){Pw-$w^K<bI1fLGy&}{CX4Db9iXlf$yUOw<34o
|
||||
zGcQucnzB0K(9){MOVew}!ba6XF*c%6&!Kp2ZsIv~$Tm4;w#}mmeL8LTT)*98(GaqY
|
||||
z?1Z`z9l4R}HI$i#J;dn2rIS=$r9ofoN<$GF^_Ue6S;#HX&`q-FR8o^$bgA}ho_NJw
|
||||
zNQ*A-uW+Sq-MK&A!c^n`RO^XqlK4>7J_@{va05TGHhaMqdWf_=%g!t4J&Go6G>SrK
|
||||
zIi&{e1i2wFa=(hn5`S#MBVlx9HoLhYNF^%!k!#a%``0F~r*&0&vbt__EbaStQ>w^+
|
||||
zMflS2l)D@qh6+V3P*zRjQK6XLE~}NpQlVZJE1M~XslrH6NSi3uzp3jx!8D$^<SP!^
|
||||
z2MTCqsa$np`HCdtn~OTFxQ+{kSF$Tqbk$Z;Wz{kBch{6cImIl4X;YHpothY8V$O|5
|
||||
zdlH3hH42qq7#~dB<Tdfo9C*xuRa&-&e8}1D-SM!SoBXPlrB_R<7{8RR`jErCWx2j9
|
||||
zEGr(GlQ~~ze$1jM6AgR}lfl#)am)5xdxJa4<Y4ML=os?jzjQ{v7jHc_annVBObsUD
|
||||
z;;<Za1Ys~MSimfT3AU=H#+Xdl9#W_46A^?i^Va#6SaV#QB=Zd7j>bVKWX7|fao?1l
|
||||
zss%xM63rqa*Z(hJoqIFZ$8!CjKHq;0Yk0Zt{~h=l_zvLU^WdZ4J*?+n15bk)I0Y8K
|
||||
zdsxr^2|NdW3LXbjun8`L1#lDiGuHQSgBQUSFasCC1+W6H2k&5w|0=i&o&nziXTdS>
|
||||
z5%4C~|8Ia7z!mT{&;zHyC&2CCAJ`js0sI(T1y6t}*aQ>sIdBlXj=h5?!M)%H@EgQq
|
||||
z2DZQygy4R#3~mQUfQ;E;P#<*!>Il>ks3Y(`j{wDyj?>AEfvfS=Os8KM><c$A%h)~|
|
||||
zLjv11mgVE$+AK@$A6b?f`>kZp262*U$s?ZV%bAzSgkbj2z%*F>M_h{@!)mcb<^RLQ
|
||||
zpV;fg7Sk*ktCh%VdCsS1W~mi5Cr<2OGZv=yW(QN`#0qwsVQ6nw)IMQi2U&orz1hKJ
|
||||
zIduoqURb(DGa;ADE<<X?!Ng{3q<1*v8H!YH)8@)WF7d`;Fy^6{84dp^q$VRjYUH-S
|
||||
zmBC#VrIggtrH``iO@s)1Q_drEvs5fH(@R9v6MV>PV`gty+;?Oxi8ZzN*`;jmD=i!G
|
||||
zCJ#0-&m)P4{1K=4&dtL!vyot-kcO28+)NY3B~^CYmmf=N^^vQHnJ6an1}tmuaFY0S
|
||||
z>h54Gm(@(A6asx+?sX3t)<2e*jkzJ4==oE3eevA=*0~GoI)zjrN#>;dw^F2&WkWZK
|
||||
z?HN%E@ReLfa>6nzdWosi%ZZd+&)=ETd970Ae%cb}a6S{2uBVG!?Ra*(<hH&(r_-rI
|
||||
zmCL%>o6-|?npCc|ZskNu-sJC8`*Zf(*)^RrtyASv)`KXI<XOofEl~0&cVk|6GL<TC
|
||||
zP-Ru}X<JXDqN`i^PFkAf>pHgOJ6RsfH+162&!dw_xc!-GT=!f!zkd4USFAH@CyUK1
|
||||
z@fG4&;EJJzt>iE=y34u%@{Z4CwWLsGS7&=Js|E2Yn}z&)uFtJ$$i~KcILSSSD*0C>
|
||||
sR!Fc)C`~Y_4QJ$&JoL9aMXw+teb7Q_QUwt_cgT+``PzVhRX=X~59wTn2><{9
|
||||
|
||||
diff --git a/framework/src/.cvsignore b/framework/src/.cvsignore
|
||||
deleted file mode 100644
|
||||
index 6e03301e58ea..000000000000
|
||||
--- a/framework/src/.cvsignore
|
||||
+++ /dev/null
|
||||
@@ -1,5 +0,0 @@
|
||||
-Makefile
|
||||
-Makefile.in
|
||||
-config.py
|
||||
-setroubleshoot.cfg
|
||||
-*.pyc
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,164 +0,0 @@
|
|||
From 9fe3ac2862a8c175520a0f275f39f548c2cf9d1e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 24 Feb 2020 18:55:59 +0100
|
||||
Subject: [PATCH] setroubleshoot.util: get_rpm_nvr_by_type() and
|
||||
get_rpm_nvr_by_scontext()
|
||||
|
||||
get_rpm_nvr_by_scontext(scontext)
|
||||
Finds an SELinux module which defines given SELinux context
|
||||
|
||||
##### arguments
|
||||
|
||||
* `scontext(s)`: an SELinux context
|
||||
|
||||
##### return values
|
||||
|
||||
* `nvr(s)`: nvr of rpm which ships module where SELinux type used in `scontext` is defined
|
||||
|
||||
##### usage
|
||||
|
||||
>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
|
||||
selinux-policy-
|
||||
|
||||
>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
|
||||
mysqld-selinux-
|
||||
|
||||
>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0")
|
||||
selinux-policy-
|
||||
|
||||
get_rpm_nvr_by_type(selinux_type)
|
||||
Finds an SELinux module which defines given SELinux type
|
||||
|
||||
##### arguments
|
||||
|
||||
* `selinux_type(s)`: an SELinux type
|
||||
|
||||
##### return values
|
||||
|
||||
* `nvr(s)`: nvr of rpm which ships module where `selinux_type` is defined
|
||||
|
||||
##### usage
|
||||
|
||||
>>> get_rpm_nvr_by_type("sshd_t")
|
||||
selinux-policy-
|
||||
|
||||
>>> get_rpm_nvr_by_type("mysqld_log_t")
|
||||
mysqld-selinux
|
||||
---
|
||||
framework/src/setroubleshoot/util.py | 79 ++++++++++++++++++++++++++++
|
||||
1 file changed, 79 insertions(+)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
|
||||
index b826e7f4e3d1..a69269113236 100755
|
||||
--- a/framework/src/setroubleshoot/util.py
|
||||
+++ b/framework/src/setroubleshoot/util.py
|
||||
@@ -35,6 +35,8 @@ __all__ = [
|
||||
'get_rpm_nvr_from_header',
|
||||
'get_rpm_nvr_by_name',
|
||||
'get_rpm_nvr_by_file_path',
|
||||
+ 'get_rpm_nvr_by_type',
|
||||
+ 'get_rpm_nvr_by_scontext',
|
||||
'is_hex',
|
||||
'split_rpm_nvr',
|
||||
'file_types',
|
||||
@@ -62,6 +64,7 @@ __all__ = [
|
||||
'Retry',
|
||||
]
|
||||
|
||||
+import bz2
|
||||
import six
|
||||
import datetime
|
||||
import glob
|
||||
@@ -69,6 +72,7 @@ from gi.repository import GObject
|
||||
import os
|
||||
import pwd
|
||||
import re
|
||||
+import selinux
|
||||
import sys
|
||||
import textwrap
|
||||
import time
|
||||
@@ -404,6 +408,81 @@ def split_rpm_nvr(nvr):
|
||||
name = '-'.join(components[:-2])
|
||||
return (name, version, release)
|
||||
|
||||
+def get_rpm_nvr_by_type(selinux_type):
|
||||
+ """
|
||||
+Finds an SELinux module which defines given SELinux type
|
||||
+
|
||||
+##### arguments
|
||||
+
|
||||
+* `selinux_type(s)`: an SELinux type
|
||||
+
|
||||
+##### return values
|
||||
+
|
||||
+* `nvr(s)`: nvr of rpm which ships module where `selinux_type` is defined
|
||||
+
|
||||
+##### usage
|
||||
+
|
||||
+>>> get_rpm_nvr_by_type("sshd_t")
|
||||
+selinux-policy-
|
||||
+
|
||||
+>>> get_rpm_nvr_by_type("mysqld_log_t")
|
||||
+mysqld-selinux
|
||||
+
|
||||
+ """
|
||||
+ retval, policytype = selinux.selinux_getpolicytype()
|
||||
+ if retval != 0:
|
||||
+ return None
|
||||
+ typedef = "(type {})\n".format(selinux_type)
|
||||
+ modules = []
|
||||
+ for (dirpath, dirnames, filenames) in os.walk("/var/lib/selinux/{}/active/modules".format(policytype)):
|
||||
+ if "cil" in filenames:
|
||||
+ try:
|
||||
+ defined = False
|
||||
+ try:
|
||||
+ # cil files are bzip2'ed by default
|
||||
+ defined = typedef.encode() in bz2.open("{}/cil".format(dirpath))
|
||||
+ except:
|
||||
+ # maybe cil file is not bzip2'ed, try plain text
|
||||
+ defined = typedef in open("{}/cil".format(dirpath))
|
||||
+
|
||||
+ if defined:
|
||||
+ modules.append(dirpath)
|
||||
+ except:
|
||||
+ # something's wrong, move on
|
||||
+ # FIXME: log a problem?
|
||||
+ pass
|
||||
+
|
||||
+ if len(modules) > 0:
|
||||
+ return get_rpm_nvr_by_file_path(sorted(modules)[-1])
|
||||
+
|
||||
+ return None
|
||||
+
|
||||
+def get_rpm_nvr_by_scontext(scontext):
|
||||
+ """
|
||||
+Finds an SELinux module which defines given SELinux context
|
||||
+
|
||||
+##### arguments
|
||||
+
|
||||
+* `scontext(s)`: an SELinux context
|
||||
+
|
||||
+##### return values
|
||||
+
|
||||
+* `nvr(s)`: nvr of rpm which ships module where SELinux type used in `scontext` is defined
|
||||
+
|
||||
+##### usage
|
||||
+
|
||||
+>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
|
||||
+selinux-policy-
|
||||
+
|
||||
+>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
|
||||
+mysqld-selinux-
|
||||
+
|
||||
+>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0")
|
||||
+selinux-policy-
|
||||
+
|
||||
+ """
|
||||
+ context = selinux.context_new(str(scontext))
|
||||
+ return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
|
||||
|
||||
def get_user_home_dir():
|
||||
uid = os.getuid()
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,162 +0,0 @@
|
|||
From 5242f26ab29c7787a6071d10bf613e6b283512ef Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Mon, 24 Feb 2020 19:04:25 +0100
|
||||
Subject: [PATCH] Export setroubleshoot.utils.get_rpm_nvr_by_scontext via DBUS
|
||||
|
||||
$ dbus-send --system --print-reply --dest=org.fedoraproject.SetroubleshootPrivileged \
|
||||
/org/fedoraproject/SetroubleshootPrivileged/object \
|
||||
org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext \
|
||||
string:"system_u:system_r:mysqld_log_t:s0"
|
||||
|
||||
org.fedoraproject.SetroubleshootPrivileged is available only for
|
||||
`setroubleshoot` user and it's supposed to be a privileged helper which is used
|
||||
by `setroubleshootd`
|
||||
---
|
||||
framework/Makefile.am | 7 ++-
|
||||
...edoraproject.SetroubleshootPrivileged.conf | 20 +++++++
|
||||
...raproject.SetroubleshootPrivileged.service | 4 ++
|
||||
framework/src/Makefile.am | 3 +-
|
||||
framework/src/SetroubleshootPrivileged.py | 57 +++++++++++++++++++
|
||||
5 files changed, 88 insertions(+), 3 deletions(-)
|
||||
create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.conf
|
||||
create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.service
|
||||
create mode 100644 framework/src/SetroubleshootPrivileged.py
|
||||
|
||||
diff --git a/framework/Makefile.am b/framework/Makefile.am
|
||||
index 56a8b37fa037..f330b7c3e112 100644
|
||||
--- a/framework/Makefile.am
|
||||
+++ b/framework/Makefile.am
|
||||
@@ -14,12 +14,15 @@ dbus_session_DATA = sealert.service
|
||||
dbus_systemservicedir = $(datadir)/dbus-1/system-services
|
||||
dbus_systemservice_DATA = \
|
||||
org.fedoraproject.Setroubleshootd.service \
|
||||
- org.fedoraproject.SetroubleshootFixit.service
|
||||
+ org.fedoraproject.SetroubleshootFixit.service \
|
||||
+ org.fedoraproject.SetroubleshootPrivileged.service
|
||||
|
||||
dbus_systemdir = $(sysconfdir)/dbus-1/system.d
|
||||
dbus_system_DATA = \
|
||||
org.fedoraproject.Setroubleshootd.conf \
|
||||
- org.fedoraproject.SetroubleshootFixit.conf
|
||||
+ org.fedoraproject.SetroubleshootFixit.conf \
|
||||
+ org.fedoraproject.SetroubleshootPrivileged.conf
|
||||
+
|
||||
|
||||
polkit_systemdir = $(datadir)/polkit-1/actions
|
||||
polkit_system_DATA = \
|
||||
diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.conf b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
|
||||
new file mode 100644
|
||||
index 000000000000..aaa0a0f661d3
|
||||
--- /dev/null
|
||||
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
|
||||
@@ -0,0 +1,20 @@
|
||||
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
|
||||
+
|
||||
+<!DOCTYPE busconfig PUBLIC
|
||||
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
||||
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
||||
+<busconfig>
|
||||
+
|
||||
+ <!-- Only root can own the service -->
|
||||
+ <policy user="root">
|
||||
+ <allow own="org.fedoraproject.SetroubleshootPrivileged"/>
|
||||
+ </policy>
|
||||
+
|
||||
+ <policy user="setroubleshoot">
|
||||
+ <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
|
||||
+ send_interface="org.fedoraproject.SetroubleshootPrivileged"/>
|
||||
+ <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
|
||||
+ send_interface="org.freedesktop.DBus.Introspectable"/>
|
||||
+ </policy>
|
||||
+
|
||||
+</busconfig>
|
||||
diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.service b/framework/org.fedoraproject.SetroubleshootPrivileged.service
|
||||
new file mode 100644
|
||||
index 000000000000..7a454589a31d
|
||||
--- /dev/null
|
||||
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.service
|
||||
@@ -0,0 +1,4 @@
|
||||
+[D-BUS Service]
|
||||
+Name=org.fedoraproject.SetroubleshootPrivileged
|
||||
+Exec=/usr/share/setroubleshoot/SetroubleshootPrivileged.py
|
||||
+User=root
|
||||
diff --git a/framework/src/Makefile.am b/framework/src/Makefile.am
|
||||
index e1782d585e8d..bf53763b3084 100644
|
||||
--- a/framework/src/Makefile.am
|
||||
+++ b/framework/src/Makefile.am
|
||||
@@ -38,7 +38,8 @@ pkglibexec_SCRIPTS = \
|
||||
pkgdir = $(datarootdir)/setroubleshoot
|
||||
pkg_SCRIPTS = \
|
||||
SetroubleshootFixit.py \
|
||||
- updater.py
|
||||
+ updater.py \
|
||||
+ SetroubleshootPrivileged.py
|
||||
|
||||
pkgconfig_DATA = \
|
||||
setroubleshoot.conf \
|
||||
diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
|
||||
new file mode 100644
|
||||
index 000000000000..858115bbe5ae
|
||||
--- /dev/null
|
||||
+++ b/framework/src/SetroubleshootPrivileged.py
|
||||
@@ -0,0 +1,57 @@
|
||||
+#!/usr/bin/python3
|
||||
+
|
||||
+# Authors: Petr Lautrbach <plautrba@redhat.com>
|
||||
+#
|
||||
+# Copyright (C) 2020 Red Hat, Inc.
|
||||
+
|
||||
+# This program is free software; you can redistribute it and/or modify
|
||||
+# it under the terms of the GNU General Public License as published by
|
||||
+# the Free Software Foundation; either version 2 of the License, or
|
||||
+# (at your option) any later version.
|
||||
+#
|
||||
+# This program is distributed in the hope that it will be useful,
|
||||
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
+# GNU General Public License for more details.
|
||||
+#
|
||||
+# You should have received a copy of the GNU General Public License along
|
||||
+# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
+
|
||||
+import dbus
|
||||
+import dbus.service
|
||||
+from dbus.mainloop.glib import DBusGMainLoop
|
||||
+from gi.repository import GLib
|
||||
+import setroubleshoot.util
|
||||
+import signal
|
||||
+
|
||||
+DBusGMainLoop(set_as_default=True)
|
||||
+
|
||||
+class Privileged(dbus.service.Object):
|
||||
+
|
||||
+ def __init__(self, timeout=10):
|
||||
+ self.timeout = timeout
|
||||
+ self.alarm(self.timeout)
|
||||
+
|
||||
+ bus = dbus.SystemBus()
|
||||
+ bus.request_name("org.fedoraproject.SetroubleshootPrivileged")
|
||||
+ bus_name = dbus.service.BusName("org.fedoraproject.SetroubleshootPrivileged", bus=bus)
|
||||
+ dbus.service.Object.__init__(self, bus_name, "/org/fedoraproject/SetroubleshootPrivileged/object")
|
||||
+
|
||||
+ def alarm(self, timeout=10):
|
||||
+ signal.alarm(timeout)
|
||||
+
|
||||
+ @dbus.service.method("org.fedoraproject.SetroubleshootPrivileged", in_signature='s', out_signature='s')
|
||||
+ def get_rpm_nvr_by_scontext(self, scontext):
|
||||
+ signal.alarm(self.timeout)
|
||||
+ rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
|
||||
+ if rpmnvr is None:
|
||||
+ return ""
|
||||
+
|
||||
+ return rpmnvr
|
||||
+
|
||||
+if __name__ == "__main__":
|
||||
+ privileged = Privileged()
|
||||
+
|
||||
+ loop = GLib.MainLoop()
|
||||
+ loop.run()
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,91 +0,0 @@
|
|||
From 72de472c510e6e3d50c72efbd1e1fd291ed35b68 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 25 Feb 2020 10:29:55 +0100
|
||||
Subject: [PATCH] setroubleshoot.utils.get_rpm_nvr_by_scontext add option to
|
||||
use DBUS method
|
||||
|
||||
Using keyword `use_dbus=True`:
|
||||
|
||||
get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
|
||||
|
||||
the function calls org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext
|
||||
DBUS method in order to get data using privileged process.
|
||||
---
|
||||
framework/src/setroubleshoot/util.py | 33 ++++++++++++++++++++--------
|
||||
1 file changed, 24 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
|
||||
index a69269113236..94bb988564ed 100755
|
||||
--- a/framework/src/setroubleshoot/util.py
|
||||
+++ b/framework/src/setroubleshoot/util.py
|
||||
@@ -67,6 +67,7 @@ __all__ = [
|
||||
import bz2
|
||||
import six
|
||||
import datetime
|
||||
+import dbus
|
||||
import glob
|
||||
from gi.repository import GObject
|
||||
import os
|
||||
@@ -423,10 +424,10 @@ Finds an SELinux module which defines given SELinux type
|
||||
##### usage
|
||||
|
||||
>>> get_rpm_nvr_by_type("sshd_t")
|
||||
-selinux-policy-
|
||||
+'selinux-policy-...
|
||||
|
||||
>>> get_rpm_nvr_by_type("mysqld_log_t")
|
||||
-mysqld-selinux
|
||||
+'mysql-selinux-...
|
||||
|
||||
"""
|
||||
retval, policytype = selinux.selinux_getpolicytype()
|
||||
@@ -457,7 +458,7 @@ mysqld-selinux
|
||||
|
||||
return None
|
||||
|
||||
-def get_rpm_nvr_by_scontext(scontext):
|
||||
+def get_rpm_nvr_by_scontext(scontext, use_dbus=False):
|
||||
"""
|
||||
Finds an SELinux module which defines given SELinux context
|
||||
|
||||
@@ -472,17 +473,31 @@ Finds an SELinux module which defines given SELinux context
|
||||
##### usage
|
||||
|
||||
>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
|
||||
-selinux-policy-
|
||||
+'selinux-policy-...
|
||||
|
||||
>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
|
||||
-mysqld-selinux-
|
||||
+'mysql-selinux-...
|
||||
|
||||
->>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0")
|
||||
-selinux-policy-
|
||||
+>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
|
||||
+'selinux-policy-...
|
||||
|
||||
"""
|
||||
- context = selinux.context_new(str(scontext))
|
||||
- return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
|
||||
+ if use_dbus:
|
||||
+ bus = dbus.SystemBus()
|
||||
+
|
||||
+ try:
|
||||
+ remote_object = bus.get_object("org.fedoraproject.SetroubleshootPrivileged",
|
||||
+ "/org/fedoraproject/SetroubleshootPrivileged/object")
|
||||
+
|
||||
+ return str(remote_object.get_rpm_nvr_by_scontext(str(scontext),
|
||||
+ dbus_interface = "org.fedoraproject.SetroubleshootPrivileged"))
|
||||
+ except dbus.DBusException:
|
||||
+ from traceback import print_exc
|
||||
+ print_exc()
|
||||
+ return None
|
||||
+ else:
|
||||
+ context = selinux.context_new(str(scontext))
|
||||
+ return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
|
||||
|
||||
def get_user_home_dir():
|
||||
uid = os.getuid()
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,60 +0,0 @@
|
|||
From 74926ff27b35329819d74ea53eef2aff376cc6e1 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 25 Feb 2020 10:36:06 +0100
|
||||
Subject: [PATCH] Add Local SELinux policy package version to analyses reports
|
||||
|
||||
Sometimes a SELinux domain is shipped by other than selinux-policy packages. In
|
||||
this case it's useful to report other package policy version together with
|
||||
selinux-policy version, e.g. for the following AVC:
|
||||
|
||||
type=AVC msg=audit(1582621541.469:6896): avc: denied { write } for pid=1627505 comm="python3" name="plautrba" dev="dm-4" ino=19529729 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1
|
||||
|
||||
a report will contain the following lines:
|
||||
|
||||
SELinux Policy RPM selinux-policy-3.14.5-24.fc32.1.contrib.50770ffc2a14.noarch
|
||||
Local Policy RPM mysql-selinux-1.0.0-9.fc32.noarch
|
||||
---
|
||||
framework/src/setroubleshoot/signature.py | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/signature.py b/framework/src/setroubleshoot/signature.py
|
||||
index 711c2875f5a4..7287eec8af61 100755
|
||||
--- a/framework/src/setroubleshoot/signature.py
|
||||
+++ b/framework/src/setroubleshoot/signature.py
|
||||
@@ -120,6 +120,7 @@ class SEEnvironment(XmlSerialize):
|
||||
'kernel': {'XMLForm': 'element'},
|
||||
'policy_type': {'XMLForm': 'element'},
|
||||
'policy_rpm': {'XMLForm': 'element'},
|
||||
+ 'local_policy_rpm': {'XMLForm': 'element'},
|
||||
'enforce': {'XMLForm': 'element'},
|
||||
'selinux_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
|
||||
'selinux_mls_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
|
||||
@@ -141,6 +142,7 @@ class SEEnvironment(XmlSerialize):
|
||||
self.platform, self.kernel = get_os_environment()
|
||||
self.policy_type = selinux.selinux_getpolicytype()[1]
|
||||
self.policy_rpm = get_rpm_nvr_by_name("selinux-policy")
|
||||
+ self.local_policy_rpm = self.policy_rpm
|
||||
self.policyvers = str(selinux.security_policyvers())
|
||||
enforce = selinux.security_getenforce()
|
||||
if enforce == 0:
|
||||
@@ -312,6 +314,7 @@ class SEFaultSignatureInfo(XmlSerialize):
|
||||
setattr(self, k, v)
|
||||
self.report_count = 1
|
||||
self.plugin_list = []
|
||||
+ self.environment.local_policy_rpm = get_rpm_nvr_by_scontext(self.scontext, use_dbus=True)
|
||||
|
||||
def update_merge(self, siginfo):
|
||||
if siginfo.last_seen_date != self.last_seen_date:
|
||||
@@ -524,7 +527,8 @@ class SEFaultSignatureInfo(XmlSerialize):
|
||||
text += format_2_column_name_value(_("Host"), default_text(self.sig.host))
|
||||
text += format_2_column_name_value(_("Source RPM Packages"), default_text(self.format_rpm_list(self.src_rpm_list)))
|
||||
text += format_2_column_name_value(_("Target RPM Packages"), default_text(self.format_rpm_list(self.tgt_rpm_list)))
|
||||
- text += format_2_column_name_value(_("Policy RPM"), default_text(env.policy_rpm))
|
||||
+ text += format_2_column_name_value(_("SELinux Policy RPM"), default_text(env.policy_rpm))
|
||||
+ text += format_2_column_name_value(_("Local Policy RPM"), default_text(env.local_policy_rpm))
|
||||
text += format_2_column_name_value(_("Selinux Enabled"), default_text(env.selinux_enabled))
|
||||
text += format_2_column_name_value(_("Policy Type"), default_text(env.policy_type))
|
||||
text += format_2_column_name_value(_("Enforcing Mode"), default_text(env.enforce))
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,69 +0,0 @@
|
|||
From a9a1d1b99c30208006a86474c19ab288c933afb6 Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Tue, 25 Feb 2020 13:00:10 +0100
|
||||
Subject: [PATCH] Report bug on a package which owns the related SELinux domain
|
||||
|
||||
---
|
||||
framework/src/setroubleshoot/browser.py | 3 ++-
|
||||
framework/src/setroubleshoot/util.py | 24 ++++++++++++++++++++++++
|
||||
2 files changed, 26 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
|
||||
index 22ffd132d9a2..4b1c143fac9a 100644
|
||||
--- a/framework/src/setroubleshoot/browser.py
|
||||
+++ b/framework/src/setroubleshoot/browser.py
|
||||
@@ -997,7 +997,8 @@ class BugReport:
|
||||
text_buf = self.error_submit_text.get_buffer()
|
||||
content = text_buf.get_text(text_buf.get_start_iter(),
|
||||
text_buf.get_end_iter(), False)
|
||||
- signature = report.createAlertSignature("selinux-policy",
|
||||
+ local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
|
||||
+ signature = report.createAlertSignature(local_policy_package,
|
||||
"setroubleshoot",
|
||||
self.alert.get_hash(),
|
||||
self.summary,
|
||||
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
|
||||
index 94bb988564ed..77b3668afa86 100755
|
||||
--- a/framework/src/setroubleshoot/util.py
|
||||
+++ b/framework/src/setroubleshoot/util.py
|
||||
@@ -37,6 +37,7 @@ __all__ = [
|
||||
'get_rpm_nvr_by_file_path',
|
||||
'get_rpm_nvr_by_type',
|
||||
'get_rpm_nvr_by_scontext',
|
||||
+ 'get_rpm_source_package',
|
||||
'is_hex',
|
||||
'split_rpm_nvr',
|
||||
'file_types',
|
||||
@@ -499,6 +500,29 @@ Finds an SELinux module which defines given SELinux context
|
||||
context = selinux.context_new(str(scontext))
|
||||
return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
|
||||
|
||||
+def get_rpm_source_package(name):
|
||||
+ """
|
||||
+ Find a source package for `name` rpm
|
||||
+
|
||||
+ >>> get_rpm_source_package("policycoreutils-python-utils")
|
||||
+ 'policycoreutils'
|
||||
+
|
||||
+ >>> get_rpm_source_package("selinux-policy-targeted")
|
||||
+ 'selinux-policy'
|
||||
+
|
||||
+ """
|
||||
+ if name is None:
|
||||
+ return None
|
||||
+
|
||||
+ src = None
|
||||
+ try:
|
||||
+ import subprocess
|
||||
+ src = subprocess.check_output(["rpm", "-q", "--qf", "%{SOURCERPM}", name], universal_newlines=True).rsplit('-',2)[0]
|
||||
+ except:
|
||||
+ syslog.syslog(syslog.LOG_ERR, "failed to retrieve rpm info for %s" % name)
|
||||
+ return src
|
||||
+
|
||||
+
|
||||
def get_user_home_dir():
|
||||
uid = os.getuid()
|
||||
try:
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,116 +0,0 @@
|
|||
From 25dd8cee2841d0be01756b6c600ea887fad0c67d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 28 Feb 2020 13:22:32 +0100
|
||||
Subject: [PATCH] Use pydbus, a modern Python dbus API, for
|
||||
SetroubleshootPrivileged
|
||||
|
||||
According to https://wiki.python.org/moin/DbusExamples dbus-python is a legacy API.
|
||||
---
|
||||
framework/src/SetroubleshootPrivileged.py | 36 +++++++++++++----------
|
||||
framework/src/setroubleshoot/util.py | 17 +++--------
|
||||
2 files changed, 25 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
|
||||
index 858115bbe5ae..899e68770880 100644
|
||||
--- a/framework/src/SetroubleshootPrivileged.py
|
||||
+++ b/framework/src/SetroubleshootPrivileged.py
|
||||
@@ -18,31 +18,35 @@
|
||||
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
|
||||
-import dbus
|
||||
-import dbus.service
|
||||
-from dbus.mainloop.glib import DBusGMainLoop
|
||||
from gi.repository import GLib
|
||||
+from pydbus import SystemBus
|
||||
import setroubleshoot.util
|
||||
import signal
|
||||
|
||||
-DBusGMainLoop(set_as_default=True)
|
||||
-
|
||||
-class Privileged(dbus.service.Object):
|
||||
+loop = GLib.MainLoop()
|
||||
+
|
||||
+class Privileged(object):
|
||||
+ """
|
||||
+ <node>
|
||||
+ <interface name='org.fedoraproject.SetroubleshootPrivileged'>
|
||||
+ <method name='get_rpm_nvr_by_scontext'>
|
||||
+ <arg type='s' name='scontext' direction='in'/>
|
||||
+ <arg type='s' name='rpmnvr' direction='out'/>
|
||||
+ </method>
|
||||
+ <method name='finish'/>
|
||||
+ </interface>
|
||||
+ </node>
|
||||
+ """
|
||||
|
||||
def __init__(self, timeout=10):
|
||||
self.timeout = timeout
|
||||
self.alarm(self.timeout)
|
||||
|
||||
- bus = dbus.SystemBus()
|
||||
- bus.request_name("org.fedoraproject.SetroubleshootPrivileged")
|
||||
- bus_name = dbus.service.BusName("org.fedoraproject.SetroubleshootPrivileged", bus=bus)
|
||||
- dbus.service.Object.__init__(self, bus_name, "/org/fedoraproject/SetroubleshootPrivileged/object")
|
||||
-
|
||||
def alarm(self, timeout=10):
|
||||
signal.alarm(timeout)
|
||||
|
||||
- @dbus.service.method("org.fedoraproject.SetroubleshootPrivileged", in_signature='s', out_signature='s')
|
||||
def get_rpm_nvr_by_scontext(self, scontext):
|
||||
+ """Finds an SELinux module which defines given SELinux context"""
|
||||
signal.alarm(self.timeout)
|
||||
rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
|
||||
if rpmnvr is None:
|
||||
@@ -50,8 +54,10 @@ class Privileged(dbus.service.Object):
|
||||
|
||||
return rpmnvr
|
||||
|
||||
-if __name__ == "__main__":
|
||||
- privileged = Privileged()
|
||||
+ def finish(self):
|
||||
+ loop.quit()
|
||||
|
||||
- loop = GLib.MainLoop()
|
||||
+if __name__ == "__main__":
|
||||
+ bus = SystemBus()
|
||||
+ bus.publish("org.fedoraproject.SetroubleshootPrivileged", Privileged())
|
||||
loop.run()
|
||||
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
|
||||
index 77b3668afa86..4d18555fb9e4 100755
|
||||
--- a/framework/src/setroubleshoot/util.py
|
||||
+++ b/framework/src/setroubleshoot/util.py
|
||||
@@ -68,7 +68,7 @@ __all__ = [
|
||||
import bz2
|
||||
import six
|
||||
import datetime
|
||||
-import dbus
|
||||
+from pydbus import SystemBus
|
||||
import glob
|
||||
from gi.repository import GObject
|
||||
import os
|
||||
@@ -484,18 +484,9 @@ Finds an SELinux module which defines given SELinux context
|
||||
|
||||
"""
|
||||
if use_dbus:
|
||||
- bus = dbus.SystemBus()
|
||||
-
|
||||
- try:
|
||||
- remote_object = bus.get_object("org.fedoraproject.SetroubleshootPrivileged",
|
||||
- "/org/fedoraproject/SetroubleshootPrivileged/object")
|
||||
-
|
||||
- return str(remote_object.get_rpm_nvr_by_scontext(str(scontext),
|
||||
- dbus_interface = "org.fedoraproject.SetroubleshootPrivileged"))
|
||||
- except dbus.DBusException:
|
||||
- from traceback import print_exc
|
||||
- print_exc()
|
||||
- return None
|
||||
+ bus = SystemBus()
|
||||
+ remote_object = bus.get("org.fedoraproject.SetroubleshootPrivileged")
|
||||
+ return str(remote_object.get_rpm_nvr_by_scontext(str(scontext)))
|
||||
else:
|
||||
context = selinux.context_new(str(scontext))
|
||||
return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,47 +0,0 @@
|
|||
From 945838998d84dcd8f0aab147f228e244dc08a54e Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 28 Feb 2020 13:25:59 +0100
|
||||
Subject: [PATCH] root user doesn't need to use SetroubleshootPrivileged API
|
||||
|
||||
Fixes:
|
||||
$ sudo sealert -a ./short.log 2>&1 | tee /tmp/tmp.956wzqmMcR, with 15 seconds timeout
|
||||
ERROR:dbus.proxies:Introspect error on :1.38:/org/fedoraproject/SetroubleshootPrivileged/object: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
|
||||
Traceback (most recent call last):
|
||||
File "/usr/lib/python3.7/site-packages/setroubleshoot/util.py", line 494, in get_rpm_nvr_by_scontext
|
||||
dbus_interface = "org.fedoraproject.SetroubleshootPrivileged"))
|
||||
File "/usr/lib64/python3.7/site-packages/dbus/proxies.py", line 70, in __call__
|
||||
return self._proxy_method(*args, **keywords)
|
||||
File "/usr/lib64/python3.7/site-packages/dbus/proxies.py", line 145, in __call__
|
||||
**keywords)
|
||||
File "/usr/lib64/python3.7/site-packages/dbus/connection.py", line 651, in call_blocking
|
||||
message, timeout)
|
||||
dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
|
||||
---
|
||||
framework/src/setroubleshoot/signature.py | 11 ++++++++++-
|
||||
1 file changed, 10 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/signature.py b/framework/src/setroubleshoot/signature.py
|
||||
index 7287eec8af61..bcc37408c29c 100755
|
||||
--- a/framework/src/setroubleshoot/signature.py
|
||||
+++ b/framework/src/setroubleshoot/signature.py
|
||||
@@ -314,7 +314,16 @@ class SEFaultSignatureInfo(XmlSerialize):
|
||||
setattr(self, k, v)
|
||||
self.report_count = 1
|
||||
self.plugin_list = []
|
||||
- self.environment.local_policy_rpm = get_rpm_nvr_by_scontext(self.scontext, use_dbus=True)
|
||||
+
|
||||
+ use_dbus=True
|
||||
+ if os.getuid() == 0:
|
||||
+ # root doesn't need to use dbus
|
||||
+ use_dbus=False
|
||||
+ try:
|
||||
+ self.environment.local_policy_rpm = get_rpm_nvr_by_scontext(self.scontext, use_dbus=use_dbus)
|
||||
+ except:
|
||||
+ # leave it as it is
|
||||
+ pass
|
||||
|
||||
def update_merge(self, siginfo):
|
||||
if siginfo.last_seen_date != self.last_seen_date:
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,87 +0,0 @@
|
|||
From fe8a0ac76b8ef52dda1a77e935eb96f0e3c5a33b Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Fri, 28 Feb 2020 18:28:34 +0100
|
||||
Subject: [PATCH] Drop updater.py - it's not used and doesn't work
|
||||
|
||||
---
|
||||
framework/po/POTFILES.in | 1 -
|
||||
framework/src/Makefile.am | 1 -
|
||||
framework/src/updater.py | 42 ---------------------------------------
|
||||
3 files changed, 44 deletions(-)
|
||||
delete mode 100644 framework/src/updater.py
|
||||
|
||||
diff --git a/framework/po/POTFILES.in b/framework/po/POTFILES.in
|
||||
index 1ee587af3fe4..483999606950 100644
|
||||
--- a/framework/po/POTFILES.in
|
||||
+++ b/framework/po/POTFILES.in
|
||||
@@ -17,7 +17,6 @@ src/setroubleshoot/rpc_interfaces.py
|
||||
src/setroubleshoot/server.py
|
||||
src/setroubleshoot/serverconnection.py
|
||||
src/setroubleshoot/signature.py
|
||||
-src/updater.py
|
||||
src/setroubleshoot/util.py
|
||||
src/setroubleshoot/uuid.py
|
||||
src/seappletlegacy.c
|
||||
diff --git a/framework/src/Makefile.am b/framework/src/Makefile.am
|
||||
index bf53763b3084..9bf1d6384854 100644
|
||||
--- a/framework/src/Makefile.am
|
||||
+++ b/framework/src/Makefile.am
|
||||
@@ -38,7 +38,6 @@ pkglibexec_SCRIPTS = \
|
||||
pkgdir = $(datarootdir)/setroubleshoot
|
||||
pkg_SCRIPTS = \
|
||||
SetroubleshootFixit.py \
|
||||
- updater.py \
|
||||
SetroubleshootPrivileged.py
|
||||
|
||||
pkgconfig_DATA = \
|
||||
diff --git a/framework/src/updater.py b/framework/src/updater.py
|
||||
deleted file mode 100644
|
||||
index 7aba95132a8a..000000000000
|
||||
--- a/framework/src/updater.py
|
||||
+++ /dev/null
|
||||
@@ -1,42 +0,0 @@
|
||||
-#/usr/bin/env python
|
||||
-
|
||||
-# Author: Thomas Liu <tliu@redhat.com>
|
||||
-import yum
|
||||
-import gettext
|
||||
-from setroubleshoot.config import parse_config_setting, get_config
|
||||
-gettext.install(domain=get_config('general', 'i18n_text_domain'),
|
||||
- localedir=get_config('general', 'i18n_locale_dir'))
|
||||
-
|
||||
-installed = []
|
||||
-try:
|
||||
- yb = yum.YumBase()
|
||||
- yb.conf.cache = True
|
||||
- installed = yb.rpmdb.searchNevra('selinux-policy')
|
||||
- if installed:
|
||||
- for pkg in sorted(installed):
|
||||
- if pkg.name == 'selinux-policy':
|
||||
- print(_("current: %s ") % pkg.printVer())
|
||||
- try:
|
||||
- pl = yb.doPackageLists(patterns=['selinux-policy'])
|
||||
- except yum.Errors.RepoError as msg:
|
||||
- yb.conf.cache = False
|
||||
- pl = yb.doPackageLists(patterns=['selinux-policy'])
|
||||
-
|
||||
- if pl.available:
|
||||
- for pkg in sorted(pl.available):
|
||||
- print(_("newer: %s ") % pkg.printVer())
|
||||
-
|
||||
-
|
||||
-except yum.Errors.RepoError as msg:
|
||||
- print("error: ", str(msg))
|
||||
-
|
||||
-except yum.Errors.ConfigError as msg:
|
||||
- print("error: ", str(msg))
|
||||
-
|
||||
-except TypeError as msg:
|
||||
- print("error: ", str(msg))
|
||||
-except Exception as e:
|
||||
- print("error: " + str(e))
|
||||
-
|
||||
-
|
||||
-print("done")
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,24 +0,0 @@
|
|||
From 8c48bbe8193ffdc788d040d2f7619654c452d71d Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Sat, 29 Feb 2020 13:28:13 +0100
|
||||
Subject: [PATCH] sealert: Drop unused import slib.dbus.service
|
||||
|
||||
---
|
||||
framework/src/sealert | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/framework/src/sealert b/framework/src/sealert
|
||||
index 42dc976b26d0..7839367fd002 100755
|
||||
--- a/framework/src/sealert
|
||||
+++ b/framework/src/sealert
|
||||
@@ -39,7 +39,6 @@ import selinux
|
||||
import socket as Socket
|
||||
import fcntl
|
||||
import sys
|
||||
-import slip.dbus.service
|
||||
|
||||
from dbus.mainloop.glib import DBusGMainLoop
|
||||
DBusGMainLoop(set_as_default=True)
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -1,27 +0,0 @@
|
|||
From b652a0e38e93cfb8fcb4e4a02c277cc25006eacb Mon Sep 17 00:00:00 2001
|
||||
From: Petr Lautrbach <plautrba@redhat.com>
|
||||
Date: Wed, 4 Mar 2020 10:56:05 +0100
|
||||
Subject: [PATCH] framework/browser: Do not try to report a bug on None package
|
||||
|
||||
There are cases when local_policy_package can be None. It's better to use
|
||||
policy_rpm in these cases.
|
||||
---
|
||||
framework/src/setroubleshoot/browser.py | 2 ++
|
||||
1 file changed, 2 insertions(+)
|
||||
|
||||
diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
|
||||
index 4b1c143fac9a..1f6cae0b29f6 100644
|
||||
--- a/framework/src/setroubleshoot/browser.py
|
||||
+++ b/framework/src/setroubleshoot/browser.py
|
||||
@@ -998,6 +998,8 @@ class BugReport:
|
||||
content = text_buf.get_text(text_buf.get_start_iter(),
|
||||
text_buf.get_end_iter(), False)
|
||||
local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
|
||||
+ if local_policy_package is None:
|
||||
+ local_policy_package = self.alert.environment.policy_rpm
|
||||
signature = report.createAlertSignature(local_policy_package,
|
||||
"setroubleshoot",
|
||||
self.alert.get_hash(),
|
||||
--
|
||||
2.25.1
|
||||
|
||||
|
|
@ -3,28 +3,14 @@
|
|||
|
||||
Summary: Helps troubleshoot SELinux problems
|
||||
Name: setroubleshoot
|
||||
Version: 3.3.22
|
||||
Release: 6%{?dist}
|
||||
Version: 3.3.23
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
URL: https://pagure.io/setroubleshoot
|
||||
Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
|
||||
Source1: %{name}.tmpfiles
|
||||
# git format-patch -N setroubleshoot-3.3.22 -- framework
|
||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
Patch0001: 0001-framework-sepolicy.info-returns-a-generator-not-a-li.patch
|
||||
Patch0002: 0002-framework-Log-plugin-exception-traceback-when-log-le.patch
|
||||
Patch0003: 0003-Update-translations.patch
|
||||
# Patch0004: 0004-Drop-old-unused-files.patch
|
||||
Patch0005: 0005-setroubleshoot.util-get_rpm_nvr_by_type-and-get_rpm_.patch
|
||||
Patch0006: 0006-Export-setroubleshoot.utils.get_rpm_nvr_by_scontext-.patch
|
||||
Patch0007: 0007-setroubleshoot.utils.get_rpm_nvr_by_scontext-add-opt.patch
|
||||
Patch0008: 0008-Add-Local-SELinux-policy-package-version-to-analyses.patch
|
||||
Patch0009: 0009-Report-bug-on-a-package-which-owns-the-related-SELin.patch
|
||||
Patch0010: 0010-Use-pydbus-a-modern-Python-dbus-API-for-Setroublesho.patch
|
||||
Patch0011: 0011-root-user-doesn-t-need-to-use-SetroubleshootPrivileg.patch
|
||||
Patch0012: 0012-Drop-updater.py-it-s-not-used-and-doesn-t-work.patch
|
||||
Patch0013: 0013-sealert-Drop-unused-import-slib.dbus.service.patch
|
||||
Patch0014: 0014-framework-browser-Do-not-try-to-report-a-bug-on-None.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: libcap-ng-devel
|
||||
BuildRequires: intltool gettext python3 python3-devel
|
||||
|
|
@ -213,6 +199,15 @@ SELinux troubleshoot legacy applet
|
|||
%{_bindir}/seappletlegacy
|
||||
|
||||
%changelog
|
||||
* Tue Apr 21 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.23-1
|
||||
- browser: Check return value of Gdk.Screen().get_default()
|
||||
- Improve and unify error messages
|
||||
- setroubleshoot.util: Catch exceptions from sepolicy import
|
||||
- Add dpkg support
|
||||
- Do not refer to hardcoded selinux-policy rpm in signature
|
||||
- Make date/time format locale specific
|
||||
- Improve speed of plugin evaluation
|
||||
|
||||
* Wed Mar 4 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-6
|
||||
- Do not try to report a bug on None package (#1809801)
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
SHA512 (setroubleshoot-3.3.22.tar.gz) = 4d9d866f018307244162e814c80bc0640c7710bc62ad0ed61f70a033530084d78662de54ce2993252303d57c0960a34b72a52cf40012cbe291d329a58f11516e
|
||||
SHA512 (setroubleshoot-3.3.23.tar.gz) = 896fe0ef3929bc0894b5ab2a3bf54cad68efc5897d8700ae042b249de4f74d0804eabffb0ef2840b39c595b8c62f55cb9a1e94ecdff68ef001095266d4414544
|
||||
|
|
|
|||
Loading…
Reference in New Issue