Compare commits
29 Commits
master
...
main-riscv
Author | SHA1 | Date |
---|---|---|
David Abdurachmanov | f0783ee4e4 | |
David Abdurachmanov | 07deffe40f | |
Fedora Release Engineering | 41a59deb77 | |
Petr Lautrbach | ab44fbbbb7 | |
Python Maint | d6c96a4e3b | |
Petr Lautrbach | 32884f31db | |
Timothée Ravier | 9dd21d3b55 | |
Petr Lautrbach | 37c8e795f1 | |
Petr Lautrbach | 73eee022be | |
Petr Lautrbach | e53fbd0923 | |
Petr Lautrbach | db9ec84c0b | |
Petr Lautrbach | 2c88c3cee0 | |
Petr Lautrbach | 7c46629c9c | |
Petr Lautrbach | 05aacc00c1 | |
Petr Lautrbach | 58c30239f8 | |
Petr Lautrbach | 242da2b976 | |
Vit Mojzis | 38d9ec3188 | |
Timothée Ravier | 46d862d45c | |
Petr Lautrbach | 85a820031f | |
Fedora Release Engineering | 446ccd7b9c | |
Petr Lautrbach | 5b9a88224f | |
Python Maint | 420234f39a | |
Petr Lautrbach | 9eb5fb83b3 | |
Petr Lautrbach | e538407cbb | |
Vit Mojzis | c42ca71e46 | |
Fedora Release Engineering | 179d13d432 | |
Vit Mojzis | 9718e5e570 | |
Vit Mojzis | 714bed8c42 | |
Petr Lautrbach | e961adbdaf |
|
@ -209,3 +209,9 @@ setroubleshoot-2.2.93.tar.gz
|
||||||
/setroubleshoot-3.3.22.tar.gz
|
/setroubleshoot-3.3.22.tar.gz
|
||||||
/setroubleshoot-3.3.23.tar.gz
|
/setroubleshoot-3.3.23.tar.gz
|
||||||
/setroubleshoot-3.3.24.tar.gz
|
/setroubleshoot-3.3.24.tar.gz
|
||||||
|
/setroubleshoot-3.3.25.tar.gz
|
||||||
|
/setroubleshoot-3.3.26.tar.gz
|
||||||
|
/framework-3.3.27.tar.gz
|
||||||
|
/setroubleshoot-3.3.28.tar.gz
|
||||||
|
/setroubleshoot-3.3.29.tar.gz
|
||||||
|
/setroubleshoot-3.3.30.tar.gz
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
|
@ -0,0 +1,95 @@
|
||||||
|
From def9fd0c22e43e437f867eb1f4bafc7c4a68898b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Tue, 18 Jan 2022 11:59:40 +0100
|
||||||
|
Subject: [PATCH] util.py: Improve doctest tests
|
||||||
|
|
||||||
|
Usage:
|
||||||
|
# python3 -m doctest -v src/setroubleshoot/util.py
|
||||||
|
---
|
||||||
|
src/setroubleshoot/util.py | 32 +++++++++++++++++---------------
|
||||||
|
1 file changed, 17 insertions(+), 15 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
|
||||||
|
index 02c4f752e690..de10c7319138 100755
|
||||||
|
--- a/src/setroubleshoot/util.py
|
||||||
|
+++ b/src/setroubleshoot/util.py
|
||||||
|
@@ -321,7 +321,7 @@ def default_date_text(date):
|
||||||
|
|
||||||
|
def get_standard_directories():
|
||||||
|
"""
|
||||||
|
->>> get_standard_directories()
|
||||||
|
+>>> get_standard_directories() # doctest: +ELLIPSIS
|
||||||
|
[...'/bin'...]
|
||||||
|
"""
|
||||||
|
lst = []
|
||||||
|
@@ -347,8 +347,8 @@ def get_rpm_nvr_from_header(hdr):
|
||||||
|
|
||||||
|
def get_package_nvr_by_name(name):
|
||||||
|
"""
|
||||||
|
->>> get_package_nvr_by_name("coreutils")
|
||||||
|
-'coreutils-8.30-3+b1:amd64'
|
||||||
|
+>>> get_package_nvr_by_name("coreutils")[0:9]
|
||||||
|
+'coreutils'
|
||||||
|
"""
|
||||||
|
if name is None:
|
||||||
|
return None
|
||||||
|
@@ -369,8 +369,8 @@ def get_package_nvr_by_name(name):
|
||||||
|
|
||||||
|
def get_package_nvr_by_file_path(name):
|
||||||
|
"""
|
||||||
|
->>> get_package_nvr_by_file_path("/bin/ls")
|
||||||
|
-'coreutils-8.30-3+b1:amd64'
|
||||||
|
+>>> get_package_nvr_by_file_path("/bin/ls")[0:9]
|
||||||
|
+'coreutils'
|
||||||
|
"""
|
||||||
|
if name is None:
|
||||||
|
return None
|
||||||
|
@@ -424,11 +424,11 @@ Finds an SELinux module which defines given SELinux type
|
||||||
|
|
||||||
|
##### usage
|
||||||
|
|
||||||
|
->>> get_rpm_nvr_by_type("sshd_t")
|
||||||
|
-'selinux-policy-...
|
||||||
|
+>>> get_rpm_nvr_by_type("sshd_t")[0:14]
|
||||||
|
+'selinux-policy'
|
||||||
|
|
||||||
|
->>> get_rpm_nvr_by_type("mysqld_log_t")
|
||||||
|
-'mysql-selinux-...
|
||||||
|
+>>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
|
||||||
|
+'mysql-selinux'
|
||||||
|
|
||||||
|
"""
|
||||||
|
|
||||||
|
@@ -511,14 +511,14 @@ Finds an SELinux module which defines given SELinux context
|
||||||
|
|
||||||
|
##### usage
|
||||||
|
|
||||||
|
->>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
|
||||||
|
-'selinux-policy-...
|
||||||
|
+>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")[0:14]
|
||||||
|
+'selinux-policy'
|
||||||
|
|
||||||
|
->>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
|
||||||
|
-'mysql-selinux-...
|
||||||
|
+>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")[0:13]
|
||||||
|
+'mysql-selinux'
|
||||||
|
|
||||||
|
->>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
|
||||||
|
-'selinux-policy-...
|
||||||
|
+>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)[0:14]
|
||||||
|
+'selinux-policy'
|
||||||
|
|
||||||
|
"""
|
||||||
|
if use_dbus:
|
||||||
|
@@ -542,6 +542,8 @@ def get_rpm_source_package(name):
|
||||||
|
>>> get_rpm_source_package("selinux-policy-targeted")
|
||||||
|
'selinux-policy'
|
||||||
|
|
||||||
|
+ >>> get_rpm_source_package("selinux-policy-targeted-35.8-1.fc35.noarch")
|
||||||
|
+ 'selinux-policy'
|
||||||
|
"""
|
||||||
|
if name is None:
|
||||||
|
return None
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
|
@ -0,0 +1,54 @@
|
||||||
|
From 93a63babd44e8fc7652b4e6c3c078133f234310f Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Tue, 18 Jan 2022 15:59:09 +0100
|
||||||
|
Subject: [PATCH] Look for modules in /usr/share/selinux/packages
|
||||||
|
|
||||||
|
Not all packages shipping SELinux modules own their directory in
|
||||||
|
/var/lib/selinux/... Some of them own just .pp.bz2 file in
|
||||||
|
/usr/share/selinux/packages. Lets look there when we try to detect the
|
||||||
|
right component for the report.
|
||||||
|
---
|
||||||
|
src/setroubleshoot/util.py | 20 +++++++++++++++++++-
|
||||||
|
1 file changed, 19 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
|
||||||
|
index de10c7319138..1405bb84c342 100755
|
||||||
|
--- a/src/setroubleshoot/util.py
|
||||||
|
+++ b/src/setroubleshoot/util.py
|
||||||
|
@@ -430,6 +430,9 @@ Finds an SELinux module which defines given SELinux type
|
||||||
|
>>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
|
||||||
|
'mysql-selinux'
|
||||||
|
|
||||||
|
+>>> get_rpm_nvr_by_type("spc_t")[0:17]
|
||||||
|
+'container-selinux'
|
||||||
|
+
|
||||||
|
"""
|
||||||
|
|
||||||
|
if module_type_cache is None:
|
||||||
|
@@ -439,7 +442,22 @@ Finds an SELinux module which defines given SELinux type
|
||||||
|
|
||||||
|
path = module_type_cache.get(selinux_type, None)
|
||||||
|
|
||||||
|
- return get_package_nvr_by_file_path(path)
|
||||||
|
+ if path is None:
|
||||||
|
+ return None
|
||||||
|
+
|
||||||
|
+ package = get_package_nvr_by_file_path(path)
|
||||||
|
+
|
||||||
|
+ if package is None:
|
||||||
|
+ module_name = path.split('/')[-1]
|
||||||
|
+ path = '/usr/share/selinux/packages/' + module_name + '.pp'
|
||||||
|
+ package = get_package_nvr_by_file_path(path)
|
||||||
|
+ if package is None:
|
||||||
|
+ path += '.bz2'
|
||||||
|
+ package = get_package_nvr_by_file_path(path)
|
||||||
|
+
|
||||||
|
+ return package
|
||||||
|
+
|
||||||
|
+
|
||||||
|
|
||||||
|
# check if given string represents an integer
|
||||||
|
def __str_is_int(str):
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
From 2dbf243d535c3b8dca5fa3b4e360ca8c6959f68d Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Tue, 18 Jan 2022 12:01:03 +0100
|
||||||
|
Subject: [PATCH] Always use rpm source package for reporting
|
||||||
|
|
||||||
|
Originally when a module wasn't owned by any package policy_rpm, e.g.
|
||||||
|
selinux-policy-targeted..., was used. In Red Hat bugzilla there's no
|
||||||
|
component selinux-policy-targeted therefore we need to use source
|
||||||
|
package name when reporting a problem.
|
||||||
|
|
||||||
|
Fixes:
|
||||||
|
fatal: RPC failed at server. There is no component named 'selinux-policy-targeted-35.8-1.fc35.noarch' in the 'Fedora' product.
|
||||||
|
---
|
||||||
|
src/setroubleshoot/browser.py | 7 ++++---
|
||||||
|
1 file changed, 4 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/setroubleshoot/browser.py b/src/setroubleshoot/browser.py
|
||||||
|
index 3203f75e0c17..48015834fe57 100644
|
||||||
|
--- a/src/setroubleshoot/browser.py
|
||||||
|
+++ b/src/setroubleshoot/browser.py
|
||||||
|
@@ -1002,9 +1002,10 @@ class BugReport:
|
||||||
|
text_buf = self.error_submit_text.get_buffer()
|
||||||
|
content = text_buf.get_text(text_buf.get_start_iter(),
|
||||||
|
text_buf.get_end_iter(), False)
|
||||||
|
- local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
|
||||||
|
- if local_policy_package is None:
|
||||||
|
- local_policy_package = self.alert.environment.policy_rpm
|
||||||
|
+ local_policy_rpm = self.alert.environment.local_policy_rpm
|
||||||
|
+ if not local_policy_rpm:
|
||||||
|
+ local_policy_rpm = self.alert.environment.policy_rpm
|
||||||
|
+ local_policy_package = get_rpm_source_package(local_policy_rpm)
|
||||||
|
signature = report.createAlertSignature(str(local_policy_package),
|
||||||
|
"setroubleshoot",
|
||||||
|
self.alert.get_hash(),
|
||||||
|
--
|
||||||
|
2.34.1
|
||||||
|
|
|
@ -1,29 +1,47 @@
|
||||||
Setroubleshoot translations currently live in the following locations:
|
Setroubleshoot translations currently live in the following locations:
|
||||||
|
|
||||||
- https://fedora.zanata.org/project/view/setroubleshoot
|
- https://translate.fedoraproject.org/projects/setroubleshoot/
|
||||||
- contains translations for both stable (RHEL) and master (Fedora) branches
|
- contains translations for both stable (rhel8) and main (Fedora) branches
|
||||||
- maintains large number of languages (several of which do not actually contain any translated strings)
|
- maintains large number of languages (several of which do not actually contain any translated strings)
|
||||||
- updated by community and partially by RH localization effort
|
- updated by community and partially by RH localization effort
|
||||||
|
|
||||||
- setroubleshoot source repositories (https://pagure.io/setroubleshoot and https://github.com/fedora-selinux/setroubleshoot)
|
- setroubleshoot source repositories
|
||||||
- is kept up-to-date with fedora.zanata
|
- https://gitlab.com/setroubleshoot
|
||||||
|
- used for development
|
||||||
|
- separate repos for plugins and framework
|
||||||
|
- https://pagure.io/setroubleshoot and https://github.com/fedora-selinux/setroubleshoot
|
||||||
|
- no longer updated
|
||||||
|
- plugins and framework in the same repo
|
||||||
|
|
||||||
How to update source files on fedora.zanata:
|
How to update source files on weblate:
|
||||||
$ git clone git@github.com:fedora-selinux/setroubleshoot.git
|
# install dependencies
|
||||||
$ cd setroubleshoot/framework
|
$ sudo dnf install automake autoconf inittool gettext glib2-devel dbus-devel libnotify-devel gtk3-devel audit-libs-devel
|
||||||
# Update Makefile
|
$ git clone git@gitlab.com:setroubleshoot/framework.git
|
||||||
|
$ git clone git@gitlab.com:setroubleshoot/plugins.git
|
||||||
|
$ cd framework
|
||||||
|
# Update Makefile
|
||||||
$ ./autogen.sh
|
$ ./autogen.sh
|
||||||
# generate new potfile
|
# generate new potfile
|
||||||
$ cd po
|
$ cd po
|
||||||
$ make setroubleshoot.pot
|
$ make setroubleshoot.pot
|
||||||
# Repeat the process for plugins
|
# https://translate.fedoraproject.org/projects/setroubleshoot/setroubleshoot/en/
|
||||||
# Push potfiles to zanata
|
# Files -> Upload translations
|
||||||
$ zanata-cli push --push-type source
|
# Repeat the process for plugins
|
||||||
|
# https://translate.fedoraproject.org/projects/setroubleshoot/plugins/en/
|
||||||
|
# Files -> Upload translations
|
||||||
|
# or use weblate command line tool:
|
||||||
|
$ wlc --key <API key> --url https://translate.fedoraproject.org/api/ upload --input framework/po/setroubleshoot.pot setroubleshoot/setroubleshoot/en
|
||||||
|
$ wlc --key <API key> --url https://translate.fedoraproject.org/api/ upload --input plugins/po/setroubleshoot.pot setroubleshoot/plugins/en/
|
||||||
|
|
||||||
How to pull new translations from zanata
|
How to pull new translations from weblate
|
||||||
$ git clone git@github.com:fedora-selinux/setroubleshoot.git
|
$ git clone git@gitlab.com:setroubleshoot/framework.git
|
||||||
$ cd setroubleshoot
|
$ git clone git@gitlab.com:setroubleshoot/plugins.git
|
||||||
# Make sure "zanata.xml" file pointing to corresponding translations branch is present
|
# https://translate.fedoraproject.org/projects/setroubleshoot/setroubleshoot
|
||||||
# Optionally update source files on zanata
|
# Files -> Download translation files as ZIP file
|
||||||
# Pull new translations from zanata
|
# https://translate.fedoraproject.org/projects/setroubleshoot/plugins/
|
||||||
$ zanata-cli -e pull --pull-type trans
|
# Files -> Download translation files as ZIP file
|
||||||
|
$ unzip setroubleshoot-setroubleshoot.zip
|
||||||
|
$ cp setroubleshoot/setroubleshoot/framework/po/*.po /framework/po
|
||||||
|
$ unzip setroubleshoot-plugins.zip
|
||||||
|
$ cp setroubleshoot/plugins/plugins/po/*.po /plugins/po
|
||||||
|
# wlc doesn't support batch download yet https://github.com/WeblateOrg/wlc/issues/17
|
||||||
|
|
|
@ -1,26 +0,0 @@
|
||||||
diff -up setroubleshoot-3.2.14/po/bn_IN.po~ setroubleshoot-3.2.14/po/bn_IN.po
|
|
||||||
--- setroubleshoot-3.2.14/po/bn_IN.po~ 2013-11-20 10:01:40.717181224 -0500
|
|
||||||
+++ setroubleshoot-3.2.14/po/bn_IN.po 2013-11-20 10:02:47.154195170 -0500
|
|
||||||
@@ -165,9 +165,7 @@ msgstr "উৎসের পà§<C3A0>রকà§<C3A0>à
|
|
||||||
|
|
||||||
#: ../src/browser.py:269
|
|
||||||
msgid "Attempted Access"
|
|
||||||
-msgstr ""
|
|
||||||
-"\n"
|
|
||||||
-"বà§<C3A0>যবহারের পà§<C3A0>রয়াস\n"
|
|
||||||
+msgstr "বà§<C3A0>যবহারের পà§<C3A0>রয়াস"
|
|
||||||
|
|
||||||
#: ../src/browser.py:269
|
|
||||||
msgid "On this"
|
|
||||||
@@ -222,9 +220,8 @@ msgstr ""
|
|
||||||
msgid ""
|
|
||||||
"Report\n"
|
|
||||||
"Bug"
|
|
||||||
-msgstr ""
|
|
||||||
-"বাগ সমà§<C3A0>পরà§<C3A0>কে\n"
|
|
||||||
-"সূচিত করà§<C3A0>ন\n"
|
|
||||||
+msgstr "বাগ সমà§<C3A0>পরà§<C3A0>কে\n"
|
|
||||||
+"সূচিত করà§<C3A0>ন"
|
|
||||||
|
|
||||||
#: ../src/browser.py:543
|
|
||||||
#, python-format
|
|
|
@ -1,195 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# setroubleshoot This starts and stops setroubleshoot daemon
|
|
||||||
#
|
|
||||||
# chkconfig: 345 13 87
|
|
||||||
# description: This starts the SELinux Troubleshooting Daemon
|
|
||||||
#
|
|
||||||
# processname: /usr/sbin/setroubleshootd
|
|
||||||
# config: /etc/setroubleshoot/setroubleshoot.cfg
|
|
||||||
# pidfile: /var/run/setroubleshoot.pid
|
|
||||||
#
|
|
||||||
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: lsb-setroubleshootd
|
|
||||||
# Required-Start: $local_fs $syslog $network $named $messagebus
|
|
||||||
# Required-Stop: $local_fs $syslog $network $named $messagebus
|
|
||||||
# Default-Start: 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: start and stop SELinux Troubleshooting Daemon
|
|
||||||
# Description: controls operation of the SELinux Troubleshooting Daemon
|
|
||||||
# (setroubleshootd) which listens for SELinux AVC denial messages
|
|
||||||
# analyzes it and provides a friendly interpretation.
|
|
||||||
### END INIT INFO
|
|
||||||
|
|
||||||
# Return values according to LSB for all commands but status:
|
|
||||||
# 0 success
|
|
||||||
# 1 generic or unspecified error (current practice)
|
|
||||||
# 2 invalid or excess argument(s)
|
|
||||||
# 3 unimplemented feature (for example, "reload")
|
|
||||||
# 4 user had insufficient privilege
|
|
||||||
# 5 program is not installed
|
|
||||||
# 6 program is not configured
|
|
||||||
# 7 program is not running
|
|
||||||
|
|
||||||
# Command argument
|
|
||||||
# start start the service
|
|
||||||
# stop stop the service
|
|
||||||
# restart stop and restart the service if the service is already running, otherwise start the service
|
|
||||||
# try-restart restart the service if the service is already running
|
|
||||||
# reload cause the configuration of the service to be reloaded without actually stopping and restarting the service
|
|
||||||
# force-reload cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running
|
|
||||||
# status print the current status of the service
|
|
||||||
|
|
||||||
# start, stop, restart, force-reload, and status actions must be supported
|
|
||||||
# reload and the try-restart actions are optional.
|
|
||||||
# the init script.
|
|
||||||
|
|
||||||
PATH=/sbin:/bin:/usr/bin:/usr/sbin
|
|
||||||
|
|
||||||
# Source function library.
|
|
||||||
. /etc/init.d/functions
|
|
||||||
|
|
||||||
RETVAL=0
|
|
||||||
prog="setroubleshootd"
|
|
||||||
|
|
||||||
usage(){
|
|
||||||
echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb [test][verbose]}"
|
|
||||||
}
|
|
||||||
|
|
||||||
command=$1
|
|
||||||
shift
|
|
||||||
|
|
||||||
[ $command ] || (usage; exit 3)
|
|
||||||
|
|
||||||
# look for extra options
|
|
||||||
while [ $# -gt 0 ]; do
|
|
||||||
arg=$1
|
|
||||||
case "$arg" in
|
|
||||||
test)
|
|
||||||
EXTRAOPTIONS="$EXTRAOPTIONS -c audit.text_protocol_socket_path=/tmp/audispd_events"
|
|
||||||
;;
|
|
||||||
verbose)
|
|
||||||
EXTRAOPTIONS="$EXTRAOPTIONS -V"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
echo "unknown arg $arg"
|
|
||||||
esac
|
|
||||||
shift
|
|
||||||
done
|
|
||||||
|
|
||||||
rhstatus(){
|
|
||||||
status $prog
|
|
||||||
RETVAL=$?
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
# Allow status as non-root and also if SELinux is disabled
|
|
||||||
if [ "$command" = status ]; then
|
|
||||||
rhstatus
|
|
||||||
RETVAL=$?
|
|
||||||
exit $RETVAL
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Silently exit is SELinux is not enabled
|
|
||||||
[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 1
|
|
||||||
|
|
||||||
# Check that we are root ... so non-root users stop here
|
|
||||||
if test `id -u` != 0; then
|
|
||||||
echo "You must be root"
|
|
||||||
exit 4
|
|
||||||
fi
|
|
||||||
|
|
||||||
start(){
|
|
||||||
echo -n $"Starting $prog: "
|
|
||||||
unset HOME MAIL USER USERNAME
|
|
||||||
daemon $prog "$EXTRAOPTIONS"
|
|
||||||
RETVAL=$?
|
|
||||||
echo
|
|
||||||
if test $RETVAL = 0 ; then
|
|
||||||
touch /var/lock/subsys/$prog
|
|
||||||
fi
|
|
||||||
if test $RETVAL = 3 ; then
|
|
||||||
echo -n $"Cannot start $prog: SELinux not enabled"
|
|
||||||
fi
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
stop(){
|
|
||||||
echo -n $"Stopping $prog: "
|
|
||||||
killproc $prog
|
|
||||||
RETVAL=$?
|
|
||||||
echo
|
|
||||||
rm -f /var/lock/subsys/$prog
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
reload(){
|
|
||||||
echo -n $"Reloading configuration: "
|
|
||||||
killproc $prog -HUP
|
|
||||||
RETVAL=$?
|
|
||||||
echo
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
restart(){
|
|
||||||
stop
|
|
||||||
start
|
|
||||||
RETVAL=$?
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
condrestart(){
|
|
||||||
[ -e /var/lock/subsys/$prog ] && restart
|
|
||||||
RETVAL=0
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
cleardb(){
|
|
||||||
running=0
|
|
||||||
[ -e /var/lock/subsys/$prog ] && running=1
|
|
||||||
[ $running == 1 ] && stop
|
|
||||||
echo $"Clearing database"
|
|
||||||
rm -f /var/lib/setroubleshoot/database.xml
|
|
||||||
rm -f /var/lib/setroubleshoot/audit_listener_database.xml
|
|
||||||
[ $running == 1 ] && start
|
|
||||||
RETVAL=0
|
|
||||||
return $RETVAL
|
|
||||||
}
|
|
||||||
|
|
||||||
# See how we were called.
|
|
||||||
case "$command" in
|
|
||||||
start)
|
|
||||||
start
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
stop)
|
|
||||||
stop
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
status)
|
|
||||||
rhstatus
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
restart)
|
|
||||||
restart
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
force-reload|reload)
|
|
||||||
reload
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
try-restart|condrestart)
|
|
||||||
condrestart
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
cleardb)
|
|
||||||
cleardb
|
|
||||||
RETVAL=$?
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
usage
|
|
||||||
RETVAL=3
|
|
||||||
esac
|
|
||||||
|
|
||||||
exit $RETVAL
|
|
|
@ -1,26 +1,34 @@
|
||||||
# Disable automatic compilation of Python files in extra directories
|
# Disable automatic compilation of Python files in extra directories
|
||||||
%global _python_bytecompile_extra 0
|
%global _python_bytecompile_extra 0
|
||||||
|
|
||||||
|
%ifarch riscv64
|
||||||
|
%global debug_package %{nil}
|
||||||
|
%endif
|
||||||
|
|
||||||
Summary: Helps troubleshoot SELinux problems
|
Summary: Helps troubleshoot SELinux problems
|
||||||
Name: setroubleshoot
|
Name: setroubleshoot
|
||||||
Version: 3.3.24
|
Version: 3.3.30
|
||||||
Release: 1%{?dist}
|
Release: 2.1.riscv64%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
URL: https://pagure.io/setroubleshoot
|
URL: https://gitlab.com/setroubleshoot/setroubleshoot
|
||||||
Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
|
Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz
|
||||||
Source1: %{name}.tmpfiles
|
Source1: %{name}.tmpfiles
|
||||||
# git format-patch -N setroubleshoot-3.3.24 -- framework
|
Source2: %{name}.sysusers
|
||||||
|
# git format-patch -N 3.3.30
|
||||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||||
Patch0001: 0001-framework-Update-translations.patch
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
|
BuildRequires: make
|
||||||
BuildRequires: libcap-ng-devel
|
BuildRequires: libcap-ng-devel
|
||||||
BuildRequires: intltool gettext python3 python3-devel
|
BuildRequires: intltool gettext python3 python3-devel
|
||||||
BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel audit-libs-devel libselinux-devel polkit-devel
|
BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel libselinux-devel polkit-devel
|
||||||
BuildRequires: python3-libselinux python3-pydbus python3-gobject gtk3-devel
|
BuildRequires: audit-libs-devel >= 3.0.1
|
||||||
|
BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel
|
||||||
|
# for the _tmpfilesdir macro
|
||||||
|
BuildRequires: systemd-rpm-macros
|
||||||
Requires: %{name}-server = %{version}-%{release}
|
Requires: %{name}-server = %{version}-%{release}
|
||||||
Requires: gtk3, libnotify
|
Requires: gtk3, libnotify
|
||||||
Requires: libreport-gtk >= 2.2.1-2, python3-libreport
|
Requires: libreport-gtk >= 2.2.1-2, python3-libreport
|
||||||
Requires: python3-gobject, python3-pydbus
|
Requires: python3-gobject, python3-dasbus
|
||||||
Requires(post): desktop-file-utils
|
Requires(post): desktop-file-utils
|
||||||
Requires(post): dbus
|
Requires(post): dbus
|
||||||
Requires(postun): desktop-file-utils
|
Requires(postun): desktop-file-utils
|
||||||
|
@ -36,7 +44,6 @@ Requires: xdg-utils
|
||||||
%global pkgvardatadir %{_localstatedir}/lib/%{name}
|
%global pkgvardatadir %{_localstatedir}/lib/%{name}
|
||||||
%global pkgconfigdir %{_sysconfdir}/%{name}
|
%global pkgconfigdir %{_sysconfdir}/%{name}
|
||||||
%global pkgdatabase %{pkgvardatadir}/setroubleshoot_database.xml
|
%global pkgdatabase %{pkgvardatadir}/setroubleshoot_database.xml
|
||||||
%global username setroubleshoot
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
|
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
|
||||||
|
@ -50,7 +57,7 @@ to user preference. The same tools can be run on existing log files.
|
||||||
%{pkgguidir}
|
%{pkgguidir}
|
||||||
%config(noreplace) %{_sysconfdir}/xdg/autostart/*
|
%config(noreplace) %{_sysconfdir}/xdg/autostart/*
|
||||||
%{_datadir}/applications/*.desktop
|
%{_datadir}/applications/*.desktop
|
||||||
%{_datadir}/appdata/*.appdata.xml
|
%{_metainfodir}/*.appdata.xml
|
||||||
%{_datadir}/dbus-1/services/sealert.service
|
%{_datadir}/dbus-1/services/sealert.service
|
||||||
%{_datadir}/icons/hicolor/*/*/*
|
%{_datadir}/icons/hicolor/*/*/*
|
||||||
%dir %attr(0755,root,root) %{pkgpythondir}
|
%dir %attr(0755,root,root) %{pkgpythondir}
|
||||||
|
@ -62,11 +69,11 @@ to user preference. The same tools can be run on existing log files.
|
||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p 2
|
%autosetup -p 1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -f
|
./autogen.sh
|
||||||
%configure PYTHON=%{__python3} --enable-seappletlegacy=yes --with-auditpluginsdir=/etc/audit/plugins.d
|
%configure PYTHON=%{__python3} --enable-seappletlegacy=no --with-auditpluginsdir=/etc/audit/plugins.d
|
||||||
make
|
make
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
@ -78,7 +85,8 @@ touch %{buildroot}%{pkgdatabase}
|
||||||
touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
|
touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
|
||||||
rm -rf %{buildroot}/usr/share/doc/
|
rm -rf %{buildroot}/usr/share/doc/
|
||||||
# create /run/setroubleshoot on boot
|
# create /run/setroubleshoot on boot
|
||||||
install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
|
install -p -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
|
||||||
|
install -p -m644 -D %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/%{name}.conf
|
||||||
|
|
||||||
|
|
||||||
%find_lang %{name}
|
%find_lang %{name}
|
||||||
|
@ -87,7 +95,7 @@ install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
|
||||||
Summary: SELinux troubleshoot server
|
Summary: SELinux troubleshoot server
|
||||||
|
|
||||||
Requires: %{name}-plugins >= 3.3.10
|
Requires: %{name}-plugins >= 3.3.10
|
||||||
Requires: audit >= 3
|
Requires: audit >= 3.0.1
|
||||||
Requires: audit-libs-python3
|
Requires: audit-libs-python3
|
||||||
Requires: libxml2-python3
|
Requires: libxml2-python3
|
||||||
Requires: rpm-python3
|
Requires: rpm-python3
|
||||||
|
@ -95,12 +103,12 @@ Requires: libselinux-python3 >= 2.1.5-1
|
||||||
Requires: policycoreutils-python-utils
|
Requires: policycoreutils-python-utils
|
||||||
BuildRequires: intltool gettext python3
|
BuildRequires: intltool gettext python3
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
Requires: python3-slip-dbus systemd-python3 >= 206-1
|
Requires: systemd-python3 >= 206-1
|
||||||
Requires: python3-gobject-base >= 3.11
|
Requires: python3-gobject-base >= 3.11
|
||||||
Requires: dbus
|
Requires: dbus
|
||||||
Requires: python3-dbus python3-pydbus
|
Requires: python3-dbus python3-dasbus
|
||||||
Requires: polkit
|
Requires: polkit
|
||||||
Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
|
Requires: initscripts-service
|
||||||
|
|
||||||
%description server
|
%description server
|
||||||
Provides tools to help diagnose SELinux problems. When AVC messages
|
Provides tools to help diagnose SELinux problems. When AVC messages
|
||||||
|
@ -109,7 +117,7 @@ about the problem and help track its resolution. Alerts can be configured
|
||||||
to user preference. The same tools can be run on existing log files.
|
to user preference. The same tools can be run on existing log files.
|
||||||
|
|
||||||
%pre server
|
%pre server
|
||||||
getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
|
%sysusers_create_compat %{SOURCE2}
|
||||||
|
|
||||||
%post server
|
%post server
|
||||||
/sbin/service auditd reload >/dev/null 2>&1 || :
|
/sbin/service auditd reload >/dev/null 2>&1 || :
|
||||||
|
@ -117,9 +125,6 @@ getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgv
|
||||||
%postun server
|
%postun server
|
||||||
/sbin/service auditd reload >/dev/null 2>&1 || :
|
/sbin/service auditd reload >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%triggerun server -- %{name}-server < 3.2.24-4
|
|
||||||
chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
|
||||||
|
|
||||||
%files server -f %{name}.lang
|
%files server -f %{name}.lang
|
||||||
%{_bindir}/sealert
|
%{_bindir}/sealert
|
||||||
%{_sbindir}/sedispatch
|
%{_sbindir}/sedispatch
|
||||||
|
@ -172,7 +177,7 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
||||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootPrivileged.conf
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootPrivileged.conf
|
||||||
%attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir}
|
%attr(0700,setroubleshoot,setroubleshoot) %dir %{pkgvardatadir}
|
||||||
%ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase}
|
%ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgdatabase}
|
||||||
%ghost %attr(0644,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
|
%ghost %attr(0600,setroubleshoot,setroubleshoot) %{pkgvardatadir}/email_alert_recipients
|
||||||
%{_mandir}/man1/seapplet.1.gz
|
%{_mandir}/man1/seapplet.1.gz
|
||||||
%{_mandir}/man8/sealert.8.gz
|
%{_mandir}/man8/sealert.8.gz
|
||||||
%{_mandir}/man8/sedispatch.8.gz
|
%{_mandir}/man8/sedispatch.8.gz
|
||||||
|
@ -184,22 +189,92 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
||||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
|
||||||
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
|
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
|
||||||
%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
|
%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
|
||||||
|
%attr(0644,root,root) %{_sysusersdir}/%{name}.conf
|
||||||
%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
|
%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
|
||||||
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
|
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
|
||||||
|
|
||||||
%package legacy
|
|
||||||
Summary: SELinux troubleshoot legacy applet
|
|
||||||
|
|
||||||
Requires: gtk2
|
|
||||||
Requires: %{name} = %{version}-%{release}
|
|
||||||
|
|
||||||
%description legacy
|
|
||||||
SELinux troubleshoot legacy applet
|
|
||||||
|
|
||||||
%files legacy
|
|
||||||
%{_bindir}/seappletlegacy
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 08 2022 David Abdurachmanov <davidlt@rivosinc.com> - 3.3.30-2.1.riscv64
|
||||||
|
- Rebuilt (no other changes)
|
||||||
|
|
||||||
|
* Mon Aug 08 2022 David Abdurachmanov <davidlt@rivosinc.com> - 3.3.30-2.0.riscv64
|
||||||
|
- Disable debug packages for riscv64
|
||||||
|
|
||||||
|
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.30-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 28 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.30-1
|
||||||
|
- Miscellaneous python and build system changes
|
||||||
|
- Fix couple of typos
|
||||||
|
- Drop Python2 support
|
||||||
|
- Use inspect.signature() instead of instead.getargspec()
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 3.3.29-2
|
||||||
|
- Rebuilt for Python 3.11
|
||||||
|
|
||||||
|
* Wed Mar 30 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.29-1
|
||||||
|
- Introduce email.use_sendmail option
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Wed Feb 09 2022 Timothée Ravier <tim@siosm.fr> - 3.3.28-3
|
||||||
|
- Install systemd-sysusers config
|
||||||
|
- Remove Requires(pre) useradd & groupadd
|
||||||
|
|
||||||
|
* Tue Feb 8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-2
|
||||||
|
- Use %sysusers_create_compat instead of useradd
|
||||||
|
- Set right ownership on /var/lib/setroubleshoot
|
||||||
|
|
||||||
|
* Tue Feb 8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-1
|
||||||
|
- Look for modules in /usr/share/selinux/packages
|
||||||
|
- Always use rpm source package for reporting
|
||||||
|
- Improve after_first email filter behavior
|
||||||
|
|
||||||
|
* Wed Jan 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-2
|
||||||
|
- Improve DSP module reporting
|
||||||
|
- Require initscripts-service - /sbin/service
|
||||||
|
|
||||||
|
* Thu Jan 13 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-1
|
||||||
|
- sedispatch: check read_size
|
||||||
|
- SafeConfigParser is deprecated and will be dropped
|
||||||
|
- Fix typos in --help, man pages and developer's guide
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Tue Jul 27 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-5
|
||||||
|
- Improve sedispatch performance
|
||||||
|
- Improve Python 3.10 compatibility
|
||||||
|
https://pagure.io/setroubleshoot/issue/58
|
||||||
|
|
||||||
|
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.26-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||||
|
|
||||||
|
* Fri Jul 2 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-3
|
||||||
|
- Fix file mode of email_alert_recipients
|
||||||
|
|
||||||
|
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 3.3.26-2
|
||||||
|
- Rebuilt for Python 3.10
|
||||||
|
|
||||||
|
* Thu Apr 15 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-1
|
||||||
|
- Fix plugin exception reporting
|
||||||
|
- Update translations
|
||||||
|
- Stop SetroubleshootFixit after 10 seconds of inactivity
|
||||||
|
- Do not use Python slip package
|
||||||
|
|
||||||
|
* Wed Mar 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.25-1
|
||||||
|
- Use Python dasbus instead of pydbus
|
||||||
|
- Optimize get_rpm_nvr_by_type by adding a cache
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Tue Feb 02 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
|
||||||
|
- sealert: exit on any connection close
|
||||||
|
|
||||||
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.24-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 16 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-2
|
||||||
|
- framework/util: optimize get_rpm_nvr_by_type by adding a cache
|
||||||
|
- Stop building seappletlegacy
|
||||||
|
|
||||||
* Tue Oct 13 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.24-1
|
* Tue Oct 13 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.24-1
|
||||||
- Add 'fur' into shipped locales
|
- Add 'fur' into shipped locales
|
||||||
- Update translations
|
- Update translations
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
u setroubleshoot - "SELinux troubleshoot server" /var/lib/setroubleshoot
|
|
@ -1 +1,2 @@
|
||||||
d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
|
d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
|
||||||
|
Z /var/lib/setroubleshoot - setroubleshoot setroubleshoot -
|
||||||
|
|
2
sources
2
sources
|
@ -1 +1 @@
|
||||||
SHA512 (setroubleshoot-3.3.24.tar.gz) = ba96206fe135a719b685c825a69ebf7f9f6d99c6a24fb135763da9cee5ad14b1afdca5da1465374d327eb51ff830727a20b79ec51902e50f2e790661c63c0a0d
|
SHA512 (setroubleshoot-3.3.30.tar.gz) = 49955fdba875b2c1b6e338cf37bb0805cb33a515d45aac66a89885b32d8caa67f7fbd6ac0e6de7b1beb6b144c48b466e45913c7e58c7e794339842dc97c12464
|
||||||
|
|
Loading…
Reference in New Issue