setroubleshoot-3.3.22-4

- sealert to report a bug on a package which owns the related SELinux domain https://pagure.io/setroubleshoot/issue/18
2020-02-27 15:04:17 +01:00 · 2020-02-27 15:04:17 +01:00 · e2dfff1666
parent 4759318f5d
commit e2dfff1666
10 changed files with 10056 additions and 3 deletions
--- a/0001-framework-sepolicy.info-returns-a-generator-not-a-li.patch
+++ b/0001-framework-sepolicy.info-returns-a-generator-not-a-li.patch
@ -24,5 +24,5 @@ index 66986a7adfb0..6f0e1e8166ac 100644
         for t in wtypes:
             if t in all_types:
 -- 
-2.23.0
+2.25.1

--- a/0002-framework-Log-plugin-exception-traceback-when-log-le.patch
+++ b/0002-framework-Log-plugin-exception-traceback-when-log-le.patch
@ -36,5 +36,5 @@ index e16a47a3791f..43b2484be353 100644
 
         report_receiver.report_problem(siginfo)
 -- 
-2.23.0
+2.25.1

--- a/0003-Update-translations.patch
+++ b/0003-Update-translations.patch
--- a/0004-Drop-old-unused-files.patch
+++ b/0004-Drop-old-unused-files.patch
@ -0,0 +1,111 @@
+From 0248b9fa3bb7399ca9cc4883fe42468924fd3353 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Fri, 21 Feb 2020 10:05:17 +0100
+Subject: [PATCH] Drop old unused files
+
+---
+ framework/gui/.cvsignore     |   2 --
+ framework/po/.cvsignore      |  16 ----------------
+ framework/src/.browse.py.swp | Bin 16384 -> 0 bytes
+ framework/src/.cvsignore     |   5 -----
+ 4 files changed, 23 deletions(-)
+ delete mode 100644 framework/gui/.cvsignore
+ delete mode 100644 framework/po/.cvsignore
+ delete mode 100644 framework/src/.browse.py.swp
+ delete mode 100644 framework/src/.cvsignore
+
+diff --git a/framework/gui/.cvsignore b/framework/gui/.cvsignore
+deleted file mode 100644
+index 282522db0342..000000000000
+--- a/framework/gui/.cvsignore
+++ /dev/null
+@@ -1,2 +0,0 @@
+-Makefile
+-Makefile.in
+diff --git a/framework/po/.cvsignore b/framework/po/.cvsignore
+deleted file mode 100644
+index 1c34a2cc0c8e..000000000000
+--- a/framework/po/.cvsignore
+++ /dev/null
+@@ -1,16 +0,0 @@
+-*.gmo
+-*.mo
+-*.pot
+-.intltool-merge-cache
+-Makefile
+-Makefile.in
+-Makefile.in.in
+-POTFILES
+-cat-id-tbl.c
+-messages
+-missing
+-notexist
+-po2tbl.sed
+-po2tbl.sed.in
+-stamp-cat-id
+-stamp-it
+diff --git a/framework/src/.browse.py.swp b/framework/src/.browse.py.swp
+deleted file mode 100644
+index 72ee0a12d8c948e4f0d3fe6b513b63b357cbb712..0000000000000000000000000000000000000000
+GIT binary patch
+literal 0
+HcmV?d00001
+
+literal 16384
+zcmeI3UyR&F9mj`;rcKj8X`g^14SRj?!p6I|m%CIE2efb@snVn(m$amRoLPHz*FCSj
+zwP$Z{0fFFwM_LqGBzUPB9zY15sf0kSD)kSdMZ6*U)~YI?K2Vh>K=7UMpRs*sZgUdi
+zD%rZv?%MwSe)F5({2%*zor|aMrN_-K!Ep;A5B%%WnO`2dg?#Blgb2@_$jiGOUSKnC
+z7(~KUznoyiTz?0pZ%Bjfh~rO$!KCN$Xcz>d-4EG_PlIry9ffwg7Y5Uao8#FI7V1lN
+z1nLOvDFPGGKYHg8veaGdNd1MzC+TgsUf7eVTB(je9f3Lmbp+}N)Dfs7P)DGSKplbi
+zX9UFfI`U1peqG}JrR4hqrSAjD`8~<^gQfe)Y5i44ppHNtfjR<p1nLOX5vU_jN1%>C
+z9f3Lmbp+}N?868!M?Ll@-<J!1JpWJE|9}55A#Z~}f>*)I;3e=2@N+N&3|s~)pa~Yh
+zVQ>)q1@8~M0=^C+a02}M2qC`(KLS_4ec%xI!_9>J09*zZcmy=TyN3yR9y|dq0}DI?
+zJ`O$xzI_uRe?3IVI{4L%gxmohzk!hN0tPOFJHP@s0G>Ta$Wved?gAz_41Rw-A-@Js
+zgBiF8+TaLy>w|<`1>XY<JOGY^cd#My3iu%qfPv3~1K@AiOnDY;0teXOGvJ?y@lU{0
+z;7K53eg$klXmZ%0*>^q9Xp-EOklTX!1CJZs7VXkc(};V0^UG^rShvofzO+V<(qljb
+zf_beS?zQ4uO`6$MqI8wIzA%jK#+vj~)bQL5?zwnf!=Y`u*y)(ff=_s(!-|4QXmcwZ
+z^o)+V)S?}8xkVS7Bui(G-0bY|4nF0LmJ;tS9dCD+mrVp`X(ju$tbP@o{%@h}!2hx{
+z<@18Ek`u9hryw%MYcZl&mN_ju@Pg3j4J`FTE2dXaK(Y`lkM+1`4rIW^43(g1_684j
+z9?k^>l4Eyk#Kxx0+%T~0kTU_nOeDSwv4Pky2hN6hpAt9D20kxma{GDrn6{)nO01n8
+zu|YnmEX{~-Ca%jo_rqXh#cmk!SBuKjwdMawWuZ7=I2UzQTTxAED_2&i>3y`EO&+>p
+zMpsv9V-RxgH%?@^+1b$I?uKUE^MdI-mO2HO$_|Cx$r;%tSo^Xv>k6??>T>2#sVb{N
+zcX*#N$FcBon(88Dvxw_QOEt^5Z){Pw-$w^K<bI1fLGy&}{CX4Db9iXlf$yUOw<34o
+zGcQucnzB0K(9){MOVew}!ba6XF*c%6&!Kp2ZsIv~$Tm4;w#}mmeL8LTT)*98(GaqY
+z?1Z`z9l4R}HI$i#J;dn2rIS=$r9ofoN<$GF^_Ue6S;#HX&`q-FR8o^$bgA}ho_NJw
+zNQ*A-uW+Sq-MK&A!c^n`RO^XqlK4>7J_@{va05TGHhaMqdWf_=%g!t4J&Go6G>SrK
+zIi&{e1i2wFa=(hn5`S#MBVlx9HoLhYNF^%!k!#a%``0F~r*&0&vbt__EbaStQ>w^+
+zMflS2l)D@qh6+V3P*zRjQK6XLE~}NpQlVZJE1M~XslrH6NSi3uzp3jx!8D$^<SP!^
+z2MTCqsa$np`HCdtn~OTFxQ+{kSF$Tqbk$Z;Wz{kBch{6cImIl4X;YHpothY8V$O|5
+zdlH3hH42qq7#~dB<Tdfo9C*xuRa&-&e8}1D-SM!SoBXPlrB_R<7{8RR`jErCWx2j9
+zEGr(GlQ~~ze$1jM6AgR}lfl#)am)5xdxJa4<Y4ML=os?jzjQ{v7jHc_annVBObsUD
+z;;<Za1Ys~MSimfT3AU=H#+Xdl9#W_46A^?i^Va#6SaV#QB=Zd7j>bVKWX7|fao?1l
+zss%xM63rqa*Z(hJoqIFZ$8!CjKHq;0Yk0Zt{~h=l_zvLU^WdZ4J*?+n15bk)I0Y8K
+zdsxr^2|NdW3LXbjun8`L1#lDiGuHQSgBQUSFasCC1+W6H2k&5w|0=i&o&nziXTdS>
+z5%4C~|8Ia7z!mT{&;zHyC&2CCAJ`js0sI(T1y6t}*aQ>sIdBlXj=h5?!M)%H@EgQq
+z2DZQygy4R#3~mQUfQ;E;P#<*!>Il>ks3Y(`j{wDyj?>AEfvfS=Os8KM><c$A%h)~|
+zLjv11mgVE$+AK@$A6b?f`>kZp262*U$s?ZV%bAzSgkbj2z%*F>M_h{@!)mcb<^RLQ
+zpV;fg7Sk*ktCh%VdCsS1W~mi5Cr<2OGZv=yW(QN`#0qwsVQ6nw)IMQi2U&orz1hKJ
+zIduoqURb(DGa;ADE<<X?!Ng{3q<1*v8H!YH)8@)WF7d`;Fy^6{84dp^q$VRjYUH-S
+zmBC#VrIggtrH``iO@s)1Q_drEvs5fH(@R9v6MV>PV`gty+;?Oxi8ZzN*`;jmD=i!G
+zCJ#0-&m)P4{1K=4&dtL!vyot-kcO28+)NY3B~^CYmmf=N^^vQHnJ6an1}tmuaFY0S
+z>h54Gm(@(A6asx+?sX3t)<2e*jkzJ4==oE3eevA=*0~GoI)zjrN#>;dw^F2&WkWZK
+z?HN%E@ReLfa>6nzdWosi%ZZd+&)=ETd970Ae%cb}a6S{2uBVG!?Ra*(<hH&(r_-rI
+zmCL%>o6-|?npCc|ZskNu-sJC8`*Zf(*)^RrtyASv)`KXI<XOofEl~0&cVk|6GL<TC
+zP-Ru}X<JXDqN`i^PFkAf>pHgOJ6RsfH+162&!dw_xc!-GT=!f!zkd4USFAH@CyUK1
+z@fG4&;EJJzt>iE=y34u%@{Z4CwWLsGS7&=Js|E2Yn}z&)uFtJ$$i~KcILSSSD*0C>
+sR!Fc)C`~Y_4QJ$&JoL9aMXw+teb7Q_QUwt_cgT+``PzVhRX=X~59wTn2><{9
+
+diff --git a/framework/src/.cvsignore b/framework/src/.cvsignore
+deleted file mode 100644
+index 6e03301e58ea..000000000000
+--- a/framework/src/.cvsignore
+++ /dev/null
+@@ -1,5 +0,0 @@
+-Makefile
+-Makefile.in
+-config.py
+-setroubleshoot.cfg
+-*.pyc
+-- 
+2.25.1
+
--- a/0005-setroubleshoot.util-get_rpm_nvr_by_type-and-get_rpm_.patch
+++ b/0005-setroubleshoot.util-get_rpm_nvr_by_type-and-get_rpm_.patch
@ -0,0 +1,164 @@
+From 9fe3ac2862a8c175520a0f275f39f548c2cf9d1e Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 24 Feb 2020 18:55:59 +0100
+Subject: [PATCH] setroubleshoot.util: get_rpm_nvr_by_type() and
+ get_rpm_nvr_by_scontext()
+
+get_rpm_nvr_by_scontext(scontext)
+     Finds an SELinux module which defines given SELinux context
+
+     ##### arguments
+
+     * `scontext(s)`: an SELinux context
+
+     ##### return values
+
+     * `nvr(s)`: nvr of rpm which ships module where SELinux type used in `scontext` is defined
+
+     ##### usage
+
+     >>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
+     selinux-policy-
+
+     >>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
+     mysqld-selinux-
+
+     >>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0")
+     selinux-policy-
+
+ get_rpm_nvr_by_type(selinux_type)
+     Finds an SELinux module which defines given SELinux type
+
+     ##### arguments
+
+     * `selinux_type(s)`: an SELinux type
+
+     ##### return values
+
+     * `nvr(s)`: nvr of rpm which ships module where `selinux_type` is defined
+
+     ##### usage
+
+     >>> get_rpm_nvr_by_type("sshd_t")
+     selinux-policy-
+
+     >>> get_rpm_nvr_by_type("mysqld_log_t")
+     mysqld-selinux
+---
+ framework/src/setroubleshoot/util.py | 79 ++++++++++++++++++++++++++++
+ 1 file changed, 79 insertions(+)
+
+diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
+index b826e7f4e3d1..a69269113236 100755
+--- a/framework/src/setroubleshoot/util.py
+++ b/framework/src/setroubleshoot/util.py
+@@ -35,6 +35,8 @@ __all__ = [
+     'get_rpm_nvr_from_header',
+     'get_rpm_nvr_by_name',
+     'get_rpm_nvr_by_file_path',
+    'get_rpm_nvr_by_type',
+    'get_rpm_nvr_by_scontext',
+     'is_hex',
+     'split_rpm_nvr',
+     'file_types',
+@@ -62,6 +64,7 @@ __all__ = [
+     'Retry',
+ ]
+ 
+import bz2
+ import six
+ import datetime
+ import glob
+@@ -69,6 +72,7 @@ from gi.repository import GObject
+ import os
+ import pwd
+ import re
+import selinux
+ import sys
+ import textwrap
+ import time
+@@ -404,6 +408,81 @@ def split_rpm_nvr(nvr):
+     name = '-'.join(components[:-2])
+     return (name, version, release)
+ 
+def get_rpm_nvr_by_type(selinux_type):
+    """
+Finds an SELinux module which defines given SELinux type
+
+##### arguments
+
+* `selinux_type(s)`: an SELinux type
+
+##### return values
+
+* `nvr(s)`: nvr of rpm which ships module where `selinux_type` is defined
+
+##### usage
+
+>>> get_rpm_nvr_by_type("sshd_t")
+selinux-policy-
+
+>>> get_rpm_nvr_by_type("mysqld_log_t")
+mysqld-selinux
+
+    """
+    retval, policytype = selinux.selinux_getpolicytype()
+    if retval != 0:
+        return None
+    typedef = "(type {})\n".format(selinux_type)
+    modules = []
+    for (dirpath, dirnames, filenames) in os.walk("/var/lib/selinux/{}/active/modules".format(policytype)):
+        if "cil" in filenames:
+            try:
+                defined = False
+                try:
+                    # cil files are bzip2'ed by default
+                    defined = typedef.encode() in bz2.open("{}/cil".format(dirpath))
+                except:
+                    # maybe cil file is not bzip2'ed, try plain text
+                    defined = typedef in open("{}/cil".format(dirpath))
+
+                if defined:
+                    modules.append(dirpath)
+            except:
+                # something's wrong, move on
+                # FIXME: log a problem?
+                pass
+
+    if len(modules) > 0:
+        return get_rpm_nvr_by_file_path(sorted(modules)[-1])
+
+    return None
+
+def get_rpm_nvr_by_scontext(scontext):
+    """
+Finds an SELinux module which defines given SELinux context
+
+##### arguments
+
+* `scontext(s)`: an SELinux context
+
+##### return values
+
+* `nvr(s)`: nvr of rpm which ships module where SELinux type used in `scontext` is defined
+
+##### usage
+
+>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
+selinux-policy-
+
+>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
+mysqld-selinux-
+
+>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0")
+selinux-policy-
+
+    """
+    context = selinux.context_new(str(scontext))
+    return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
+ 
+ def get_user_home_dir():
+     uid = os.getuid()
+-- 
+2.25.1
+
--- a/0006-Export-setroubleshoot.utils.get_rpm_nvr_by_scontext-.patch
+++ b/0006-Export-setroubleshoot.utils.get_rpm_nvr_by_scontext-.patch
@ -0,0 +1,162 @@
+From 5242f26ab29c7787a6071d10bf613e6b283512ef Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Mon, 24 Feb 2020 19:04:25 +0100
+Subject: [PATCH] Export setroubleshoot.utils.get_rpm_nvr_by_scontext via DBUS
+
+$ dbus-send --system --print-reply --dest=org.fedoraproject.SetroubleshootPrivileged \
+  /org/fedoraproject/SetroubleshootPrivileged/object \
+  org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext \
+  string:"system_u:system_r:mysqld_log_t:s0"
+
+org.fedoraproject.SetroubleshootPrivileged is available only for
+`setroubleshoot` user and it's supposed to be a privileged helper which is used
+by `setroubleshootd`
+---
+ framework/Makefile.am                         |  7 ++-
+ ...edoraproject.SetroubleshootPrivileged.conf | 20 +++++++
+ ...raproject.SetroubleshootPrivileged.service |  4 ++
+ framework/src/Makefile.am                     |  3 +-
+ framework/src/SetroubleshootPrivileged.py     | 57 +++++++++++++++++++
+ 5 files changed, 88 insertions(+), 3 deletions(-)
+ create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.conf
+ create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.service
+ create mode 100644 framework/src/SetroubleshootPrivileged.py
+
+diff --git a/framework/Makefile.am b/framework/Makefile.am
+index 56a8b37fa037..f330b7c3e112 100644
+--- a/framework/Makefile.am
+++ b/framework/Makefile.am
+@@ -14,12 +14,15 @@ dbus_session_DATA = sealert.service
+ dbus_systemservicedir = $(datadir)/dbus-1/system-services
+ dbus_systemservice_DATA = \
+ 			org.fedoraproject.Setroubleshootd.service \
+-			org.fedoraproject.SetroubleshootFixit.service 
+			org.fedoraproject.SetroubleshootFixit.service \
+			org.fedoraproject.SetroubleshootPrivileged.service
+ 
+ dbus_systemdir = $(sysconfdir)/dbus-1/system.d
+ dbus_system_DATA = \
+ 			org.fedoraproject.Setroubleshootd.conf \
+-			org.fedoraproject.SetroubleshootFixit.conf
+			org.fedoraproject.SetroubleshootFixit.conf \
+			org.fedoraproject.SetroubleshootPrivileged.conf
+
+ 
+ polkit_systemdir = $(datadir)/polkit-1/actions
+ polkit_system_DATA = \
+diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.conf b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
+new file mode 100644
+index 000000000000..aaa0a0f661d3
+--- /dev/null
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
+@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
+
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+  <!-- Only root can own the service -->
+  <policy user="root">
+    <allow own="org.fedoraproject.SetroubleshootPrivileged"/>
+  </policy>
+
+  <policy user="setroubleshoot">
+    <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
+	   send_interface="org.fedoraproject.SetroubleshootPrivileged"/>
+    <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
+		send_interface="org.freedesktop.DBus.Introspectable"/>
+  </policy>
+
+</busconfig>
+diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.service b/framework/org.fedoraproject.SetroubleshootPrivileged.service
+new file mode 100644
+index 000000000000..7a454589a31d
+--- /dev/null
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.service
+@@ -0,0 +1,4 @@
+[D-BUS Service]
+Name=org.fedoraproject.SetroubleshootPrivileged
+Exec=/usr/share/setroubleshoot/SetroubleshootPrivileged.py
+User=root
+diff --git a/framework/src/Makefile.am b/framework/src/Makefile.am
+index e1782d585e8d..bf53763b3084 100644
+--- a/framework/src/Makefile.am
+++ b/framework/src/Makefile.am
+@@ -38,7 +38,8 @@ pkglibexec_SCRIPTS =            	\
+ pkgdir = $(datarootdir)/setroubleshoot
+ pkg_SCRIPTS =			\
+ 	SetroubleshootFixit.py		\
+-	updater.py
+	updater.py \
+	SetroubleshootPrivileged.py
+ 
+ pkgconfig_DATA =			\
+ 	setroubleshoot.conf		\
+diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
+new file mode 100644
+index 000000000000..858115bbe5ae
+--- /dev/null
+++ b/framework/src/SetroubleshootPrivileged.py
+@@ -0,0 +1,57 @@
+#!/usr/bin/python3
+
+# Authors: Petr Lautrbach <plautrba@redhat.com>
+#
+# Copyright (C) 2020 Red Hat, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+import dbus
+import dbus.service
+from dbus.mainloop.glib import DBusGMainLoop
+from gi.repository import GLib
+import setroubleshoot.util
+import signal
+
+DBusGMainLoop(set_as_default=True)
+
+class Privileged(dbus.service.Object):
+
+    def __init__(self, timeout=10):
+        self.timeout = timeout
+        self.alarm(self.timeout)
+
+        bus = dbus.SystemBus()
+        bus.request_name("org.fedoraproject.SetroubleshootPrivileged")
+        bus_name = dbus.service.BusName("org.fedoraproject.SetroubleshootPrivileged", bus=bus)
+        dbus.service.Object.__init__(self, bus_name, "/org/fedoraproject/SetroubleshootPrivileged/object")
+
+    def alarm(self, timeout=10):
+        signal.alarm(timeout)
+
+    @dbus.service.method("org.fedoraproject.SetroubleshootPrivileged", in_signature='s', out_signature='s')
+    def get_rpm_nvr_by_scontext(self, scontext):
+        signal.alarm(self.timeout)
+        rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
+        if rpmnvr is None:
+            return ""
+
+        return rpmnvr
+
+if __name__ == "__main__":
+    privileged = Privileged()
+
+    loop = GLib.MainLoop()
+    loop.run()
+-- 
+2.25.1
+
--- a/0007-setroubleshoot.utils.get_rpm_nvr_by_scontext-add-opt.patch
+++ b/0007-setroubleshoot.utils.get_rpm_nvr_by_scontext-add-opt.patch
@ -0,0 +1,91 @@
+From 72de472c510e6e3d50c72efbd1e1fd291ed35b68 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 25 Feb 2020 10:29:55 +0100
+Subject: [PATCH] setroubleshoot.utils.get_rpm_nvr_by_scontext add option to
+ use DBUS method
+
+Using keyword `use_dbus=True`:
+
+get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
+
+the function calls org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext
+DBUS method in order to get data using privileged process.
+---
+ framework/src/setroubleshoot/util.py | 33 ++++++++++++++++++++--------
+ 1 file changed, 24 insertions(+), 9 deletions(-)
+
+diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
+index a69269113236..94bb988564ed 100755
+--- a/framework/src/setroubleshoot/util.py
+++ b/framework/src/setroubleshoot/util.py
+@@ -67,6 +67,7 @@ __all__ = [
+ import bz2
+ import six
+ import datetime
+import dbus
+ import glob
+ from gi.repository import GObject
+ import os
+@@ -423,10 +424,10 @@ Finds an SELinux module which defines given SELinux type
+ ##### usage
+ 
+ >>> get_rpm_nvr_by_type("sshd_t")
+-selinux-policy-
+'selinux-policy-...
+ 
+ >>> get_rpm_nvr_by_type("mysqld_log_t")
+-mysqld-selinux
+'mysql-selinux-...
+ 
+     """
+     retval, policytype = selinux.selinux_getpolicytype()
+@@ -457,7 +458,7 @@ mysqld-selinux
+ 
+     return None
+ 
+-def get_rpm_nvr_by_scontext(scontext):
+def get_rpm_nvr_by_scontext(scontext, use_dbus=False):
+     """
+ Finds an SELinux module which defines given SELinux context
+ 
+@@ -472,17 +473,31 @@ Finds an SELinux module which defines given SELinux context
+ ##### usage
+ 
+ >>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
+-selinux-policy-
+'selinux-policy-...
+ 
+ >>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
+-mysqld-selinux-
+'mysql-selinux-...
+ 
+->>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0")
+-selinux-policy-
+>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
+'selinux-policy-...
+ 
+     """
+-    context = selinux.context_new(str(scontext))
+-    return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
+    if use_dbus:
+        bus = dbus.SystemBus()
+
+        try:
+            remote_object = bus.get_object("org.fedoraproject.SetroubleshootPrivileged",
+                                       "/org/fedoraproject/SetroubleshootPrivileged/object")
+
+            return str(remote_object.get_rpm_nvr_by_scontext(str(scontext),
+                    dbus_interface = "org.fedoraproject.SetroubleshootPrivileged"))
+        except dbus.DBusException:
+            from traceback import print_exc
+            print_exc()
+            return None
+    else:
+        context = selinux.context_new(str(scontext))
+        return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
+ 
+ def get_user_home_dir():
+     uid = os.getuid()
+-- 
+2.25.1
+
--- a/0008-Add-Local-SELinux-policy-package-version-to-analyses.patch
+++ b/0008-Add-Local-SELinux-policy-package-version-to-analyses.patch
@ -0,0 +1,60 @@
+From 74926ff27b35329819d74ea53eef2aff376cc6e1 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 25 Feb 2020 10:36:06 +0100
+Subject: [PATCH] Add Local SELinux policy package version to analyses reports
+
+Sometimes a SELinux domain is shipped by other than selinux-policy packages. In
+this case it's useful to report other package policy version together with
+selinux-policy version, e.g. for the following AVC:
+
+type=AVC msg=audit(1582621541.469:6896): avc:  denied  { write } for pid=1627505 comm="python3" name="plautrba" dev="dm-4" ino=19529729 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1
+
+a report will contain the following lines:
+
+SELinux Policy RPM     selinux-policy-3.14.5-24.fc32.1.contrib.50770ffc2a14.noarch
+Local Policy RPM       mysql-selinux-1.0.0-9.fc32.noarch
+---
+ framework/src/setroubleshoot/signature.py | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/framework/src/setroubleshoot/signature.py b/framework/src/setroubleshoot/signature.py
+index 711c2875f5a4..7287eec8af61 100755
+--- a/framework/src/setroubleshoot/signature.py
+++ b/framework/src/setroubleshoot/signature.py
+@@ -120,6 +120,7 @@ class SEEnvironment(XmlSerialize):
+         'kernel': {'XMLForm': 'element'},
+         'policy_type': {'XMLForm': 'element'},
+         'policy_rpm': {'XMLForm': 'element'},
+        'local_policy_rpm': {'XMLForm': 'element'},
+         'enforce': {'XMLForm': 'element'},
+         'selinux_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
+         'selinux_mls_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
+@@ -141,6 +142,7 @@ class SEEnvironment(XmlSerialize):
+         self.platform, self.kernel = get_os_environment()
+         self.policy_type = selinux.selinux_getpolicytype()[1]
+         self.policy_rpm = get_rpm_nvr_by_name("selinux-policy")
+        self.local_policy_rpm = self.policy_rpm
+         self.policyvers = str(selinux.security_policyvers())
+         enforce = selinux.security_getenforce()
+         if enforce == 0:
+@@ -312,6 +314,7 @@ class SEFaultSignatureInfo(XmlSerialize):
+             setattr(self, k, v)
+         self.report_count = 1
+         self.plugin_list = []
+        self.environment.local_policy_rpm = get_rpm_nvr_by_scontext(self.scontext, use_dbus=True)
+ 
+     def update_merge(self, siginfo):
+         if siginfo.last_seen_date != self.last_seen_date:
+@@ -524,7 +527,8 @@ class SEFaultSignatureInfo(XmlSerialize):
+             text += format_2_column_name_value(_("Host"), default_text(self.sig.host))
+         text += format_2_column_name_value(_("Source RPM Packages"), default_text(self.format_rpm_list(self.src_rpm_list)))
+         text += format_2_column_name_value(_("Target RPM Packages"), default_text(self.format_rpm_list(self.tgt_rpm_list)))
+-        text += format_2_column_name_value(_("Policy RPM"), default_text(env.policy_rpm))
+        text += format_2_column_name_value(_("SELinux Policy RPM"), default_text(env.policy_rpm))
+        text += format_2_column_name_value(_("Local Policy RPM"), default_text(env.local_policy_rpm))
+         text += format_2_column_name_value(_("Selinux Enabled"), default_text(env.selinux_enabled))
+         text += format_2_column_name_value(_("Policy Type"), default_text(env.policy_type))
+         text += format_2_column_name_value(_("Enforcing Mode"), default_text(env.enforce))
+-- 
+2.25.1
+
--- a/0009-Report-bug-on-a-package-which-owns-the-related-SELin.patch
+++ b/0009-Report-bug-on-a-package-which-owns-the-related-SELin.patch
@ -0,0 +1,69 @@
+From a9a1d1b99c30208006a86474c19ab288c933afb6 Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 25 Feb 2020 13:00:10 +0100
+Subject: [PATCH] Report bug on a package which owns the related SELinux domain
+
+---
+ framework/src/setroubleshoot/browser.py |  3 ++-
+ framework/src/setroubleshoot/util.py    | 24 ++++++++++++++++++++++++
+ 2 files changed, 26 insertions(+), 1 deletion(-)
+
+diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
+index 22ffd132d9a2..4b1c143fac9a 100644
+--- a/framework/src/setroubleshoot/browser.py
+++ b/framework/src/setroubleshoot/browser.py
+@@ -997,7 +997,8 @@ class BugReport:
+         text_buf = self.error_submit_text.get_buffer()
+         content = text_buf.get_text(text_buf.get_start_iter(),
+                                     text_buf.get_end_iter(), False)
+-        signature = report.createAlertSignature("selinux-policy",
+        local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
+        signature = report.createAlertSignature(local_policy_package,
+                                                 "setroubleshoot",
+                                                 self.alert.get_hash(),
+                                                 self.summary,
+diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
+index 94bb988564ed..77b3668afa86 100755
+--- a/framework/src/setroubleshoot/util.py
+++ b/framework/src/setroubleshoot/util.py
+@@ -37,6 +37,7 @@ __all__ = [
+     'get_rpm_nvr_by_file_path',
+     'get_rpm_nvr_by_type',
+     'get_rpm_nvr_by_scontext',
+    'get_rpm_source_package',
+     'is_hex',
+     'split_rpm_nvr',
+     'file_types',
+@@ -499,6 +500,29 @@ Finds an SELinux module which defines given SELinux context
+         context = selinux.context_new(str(scontext))
+         return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
+ 
+def get_rpm_source_package(name):
+    """
+    Find a source package for `name` rpm
+    
+    >>> get_rpm_source_package("policycoreutils-python-utils")
+    'policycoreutils'
+
+    >>> get_rpm_source_package("selinux-policy-targeted")
+    'selinux-policy'
+
+    """
+    if name is None:
+        return None
+
+    src = None
+    try:
+        import subprocess
+        src = subprocess.check_output(["rpm", "-q", "--qf", "%{SOURCERPM}", name], universal_newlines=True).rsplit('-',2)[0]
+    except:
+        syslog.syslog(syslog.LOG_ERR, "failed to retrieve rpm info for %s" % name)
+    return src
+
+
+ def get_user_home_dir():
+     uid = os.getuid()
+     try:
+-- 
+2.25.1
+
--- a/setroubleshoot.spec
+++ b/setroubleshoot.spec
@ -4,14 +4,22 @@
 Summary: Helps troubleshoot SELinux problems
 Name: setroubleshoot
 Version: 3.3.22
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 URL: https://pagure.io/setroubleshoot
 Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
 Source1: %{name}.tmpfiles
 # git format-patch -N setroubleshoot-3.3.22 -- framework
+# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
 Patch0001: 0001-framework-sepolicy.info-returns-a-generator-not-a-li.patch
 Patch0002: 0002-framework-Log-plugin-exception-traceback-when-log-le.patch
+Patch0003: 0003-Update-translations.patch
+# Patch0004: 0004-Drop-old-unused-files.patch
+Patch0005: 0005-setroubleshoot.util-get_rpm_nvr_by_type-and-get_rpm_.patch
+Patch0006: 0006-Export-setroubleshoot.utils.get_rpm_nvr_by_scontext-.patch
+Patch0007: 0007-setroubleshoot.utils.get_rpm_nvr_by_scontext-add-opt.patch
+Patch0008: 0008-Add-Local-SELinux-policy-package-version-to-analyses.patch
+Patch0009: 0009-Report-bug-on-a-package-which-owns-the-related-SELin.patch
 BuildRequires: gcc
 BuildRequires: libcap-ng-devel
 BuildRequires: intltool gettext python3 python3-devel
@ -65,6 +73,7 @@ to user preference. The same tools can be run on existing log files.
 %autosetup -p 2

 %build
+autoreconf -f
 %configure PYTHON=%{__python3} --enable-seappletlegacy=yes --with-auditpluginsdir=/etc/audit/plugins.d
 make

@ -165,9 +174,11 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
 %{pkgpythondir}/__pycache__/xml_serialize.cpython*
 %dir %{pkgdatadir}
 %{pkgdatadir}/SetroubleshootFixit.py
+%{pkgdatadir}/SetroubleshootPrivileged.py
 %{pkgdatadir}/updater.py
 %config(noreplace) %{pkgconfigdir}/%{name}.conf
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.Setroubleshootd.conf
+%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootPrivileged.conf
 %attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir}
 %ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase}
 %ghost %attr(0644,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
@ -177,6 +188,7 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
 %{_mandir}/man8/setroubleshootd.8.gz
 %config /etc/audit/plugins.d/sedispatch.conf
 %{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
+%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
 %{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
 %config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
 %{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
@ -197,6 +209,10 @@ SELinux troubleshoot legacy applet
 %{_bindir}/seappletlegacy

 %changelog
+* Thu Feb 27 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-4
+- sealert to report a bug on a package which owns the related SELinux domain
+  https://pagure.io/setroubleshoot/issue/18
+
 * Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.22-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild