setroubleshoot/setroubleshoot.spec
Daniel J Walsh 02e708961a auto-import setroubleshoot-1.8.8-1 on branch devel from
setroubleshoot-1.8.8-1.src.rpm
2006-12-09 19:21:39 +00:00

532 lines
22 KiB
RPMSpec

Summary: Helps troubleshoot SELinux problems
Name: setroubleshoot
Version: 1.8.8
Release: 1%{?dist}
License: GPL
Group: Applications/System
URL: http://www.redhat.com/
Source0: %{name}-%{version}.tar.gz
Source1: setroubleshoot.init
Source2: setroubleshoot.logrotate
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildArch: noarch
BuildRequires: perl-XML-Parser
Requires: gnome-python2-gtkhtml2
Requires: python-elementtree
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%define pkgpythondir %{python_sitelib}/%{name}
%define pkgdocdir %{_datadir}/doc/%{name}-%{version}
%define pkgdatadir %{_datadir}/%{name}
%define pkglibexecdir %{_prefix}/libexec/%{name}
%define pkgvardatadir %{_localstatedir}/lib/%{name}
%define pkgrundir %{_localstatedir}/run/%{name}
%define pkgconfigdir %{_sysconfdir}/%{name}
%define pkglogdir %{_localstatedir}/log/%{name}
Requires: audit >= 1.2.6-3
Requires: audit-libs-python >= 1.2.6-3
Requires: libselinux >= 1.30.15-1
Requires: pygtk2 >= 2.9.2
Requires: notify-python
Requires: pygtk2-libglade
BuildRequires: intltool gettext python
Requires(post): /sbin/chkconfig
Requires(post): /sbin/service
Requires(post): /usr/bin/update-desktop-database
Requires(preun): /sbin/chkconfig
Requires(preun): /sbin/service
Requires(postun): /usr/bin/update-desktop-database
%description
Provides tools to help diagnose SELinux problems. When AVC messages
are generated an alert can be generated that will give information
about the problem and help track its resolution. Alerts can be configured
to user preference. The same tools can be run on existing log files.
%prep
%setup -q
%build
%configure
make
%install
rm -rf %{buildroot}
make DESTDIR=%{buildroot} install
%{__install} -D -m755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/%{name}
%{__install} -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
touch %{buildroot}%{pkgvardatadir}/database.xml
%find_lang %{name}
%post
[ -f %{pkgvardatadir}/database.xml ] && chmod 644 %{pkgvardatadir}/database.xml
/usr/bin/update-desktop-database %{_datadir}/applications
/sbin/chkconfig --add %{name}
/sbin/service %{name} condrestart >/dev/null 2>&1 || :
%preun
if [ $1 = 0 ]; then
/sbin/service %{name} stop >/dev/null 2>&1
/sbin/chkconfig --del %{name}
fi
%triggerpostun -- setroubleshoot <= 0.35-1
/sbin/service %{name} cleardb
%postun
/usr/bin/update-desktop-database %{_datadir}/applications
%clean
rm -rf %{buildroot}
%files -f %{name}.lang
%defattr(-,root,root,-)
%doc %{pkgdocdir}
%{_bindir}/*
%{_sbindir}/*
%{pkgpythondir}
%{pkgdatadir}
%dir %attr(0755,root,root) %{pkgconfigdir}
%config(noreplace) %{pkgconfigdir}/%{name}.cfg
%dir %{pkglogdir}
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
%dir %{pkgrundir}
%dir %{pkgvardatadir}
%ghost %attr(0644,root,root) %{pkgvardatadir}/database.xml
%{_mandir}/man8/sealert.8.gz
/etc/rc.d/init.d/%{name}
%{_sysconfdir}/xdg/autostart/*
%{_datadir}/applications/*.desktop
%{_datadir}/dbus-1/services/sealert.service
%changelog
* Sat Dec 8 2006 Dan Walsh <dwalsh@redhat.com> - 1.8.8-1
- Change sealert to be able to run without X-Windows
* Fri Dec 8 2006 Dan Walsh <dwalsh@redhat.com> - 1.8.7-1
- Additional Translations
- Change avc_audit.py to allow it to analyze /var/log/messages
* Mon Dec 4 2006 John Dennis <jdennis@redhat.com> - 1.8.6-1
- Resolves: bug# 218150,
"If view is set to "hide delete" you cannot filter new entries"
Actually, the bug was toggle cell renderer was connected to the
base model instead of the model attached to the view, the sort
model, this meant the toggle was occuring on the wrong row if
the view was sorted differently than the base model.
* Fri Dec 1 2006 John Dennis <jdennis@redhat.com> - 1.8.5-1
- fix bug, "could not convert path to a GtkTreePath" when database
is initially empty, caused by last_selected_row == None
* Thu Nov 30 2006 John Dennis <jdennis@redhat.com> - 1.8.3-1
- Resolves: bug# 217961, sealert needs pygtk2-libglade
- more i18n translations
- Resolves: bug# 217710, date representation did not respect locale,
at the same time remove old date formatting code, now cruft since
we can't use it because it was specific to US English.
- fix how selections are handled when rows are expunged.
- add Copy to Edit menu, for copying selection from detail pane,
unfortunately gtkhtml2 widget does not preserve line breaks between
table rows.
* Tue Nov 28 2006 John Dennis <jdennis@redhat.com> - 1.8.1-1
- Resolves: bug# 216936, bug# 215290, add 'Copy Alert' edit menu item
- clean up menu items, add tooltips
- fix printing so it will work with multiple alerts, force font to
monospace 10pt, display error dialog if printing fails.
- Resolves: bug# 216908, platform and raw audit messages were not wrapped
to fit on page.
- Related: bug# 216575, update i18n po files
- Resolves: bug# 216941, set default folder for save operation, also set
default filename
- Resolves: #bug 216327 add menu items "toggle hide deleted", "select none". Add model
filter to control visibility of alerts
- Resolves: bug# 214218, sealert with no command line
arguments induces startup as dbus service, this had been a
regression.
- Resolves: bug# 216327, rework how deletes are performed in browser. Delete
now marks each seleted siginfo with a delete flag, expunge
permanently deletes siginfo's marked for deletion, also add undelete
command, removed delete confirmation dialog. Modify how text
attributes in cell renderer are computed to allow for
strike-throughs of alerts marked for deletion.
- multiple alerts can now be selected, add select all command,
* Tue Nov 23 2006 Dan Walsh <dwalsh@redhat.com> - 1.7.1-1
- New Icon and translations
* Tue Nov 21 2006 Dan Walsh <dwalsh@redhat.com> - 1.7-1
[John Dennis <jdennis@redhat.com>]
- Add command line utilities
- logfile scanning finally seems to work connected to browser
- Additional Information section of report now includes line
number information (if alert was generated from logfile)
- replace database update_callback() with notify interface, a more
generic solution more easily shared between components
- object implementing rpc method is now explicitly attached via
connect_rpc_interface() instead of walking the MRO chain with
magic exclusions. explicitly connecting is more flexible and
robust (no getting the wrong object by mistake)
- fix handling of return args in local rpc case
- fix signal connections between audit and logfile
- split databae and database_properties for audit and logfile
- fix initial connection state
- fix lookup_local_id
* Wed Nov 8 2006 Dan Walsh <dwalsh@redhat.com> - 1.5-1
- Speed up startup of service
* Tue Nov 6 2006 Dan Walsh <dwalsh@redhat.com> - 1.4-1
- Many fixes
- Changed the api
* Tue Oct 24 2006 Dan Walsh <dwalsh@redhat.com> - 1.3-1
- Speed enhancments
[John Dennis <jdennis@redhat.com>]
- log file parsing now approx 4 times faster
- greatly enhance the statistics reporting capability in attempt
to diagnose slow log file parsing performance
- make gathering of environmenatal information optional,
environment information is only relevant at the time the
alert fires, not in a post processing scenario
- clean up several places where environmental information was
assumed and/or was always gathered, or gathered in the wrong place.
* Tue Oct 17 2006 Dan Walsh <dwalsh@redhat.com> - 1.2-1
- Fix signature for PORT_NUMBER src command
* Tue Oct 3 2006 Dan Walsh <dwalsh@redhat.com> - 1.1-1
- Additional Plugins for port_t and device_t and mislabled files.
* Tue Oct 3 2006 Dan Walsh <dwalsh@redhat.com> - 1.0-1
- Release of first version
- Fix icon
[John Dennis <jdennis@redhat.com>]
- Memory leak fixes
- Substitution fixes
- File names in hex fixes
* Fri Sep 29 2006 Dan Walsh <dwalsh@redhat.com> - 0.48-1
- Sealert only notify dropped connection once
- setroubleshoot shutdown cleanly
[John Dennis <jdennis@redhat.com>]
- Gui cleanups
* Wed Sep 27 2006 Dan Walsh <dwalsh@redhat.com> - 0.47-1
- Change close key binding to ctrl-w
* Tue Sep 26 2006 Dan Walsh <dwalsh@redhat.com> - 0.46-1
- Add new plugins cvs_data, rsync_data, xen_image, swapfile, samba_share
[John Dennis <jdennis@redhat.com>]
- clear the GUI of old data before loading new data,
fix the code used to display the filter icon in the filter column
* Tue Sep 26 2006 Dan Walsh <dwalsh@redhat.com> - 0.45-1
[John Dennis <jdennis@redhat.com>]
- Major rewrite of the client/server RPC code,
* Sat Sep 16 2006 Dan Walsh <dwalsh@redhat.com> - 0.44-1
- Fix Affected RPMS handling
* Fri Sep 15 2006 Dan Walsh <dwalsh@redhat.com> - 0.43-1
- Fix mail handling
- fix bugs related to recording per user per signature filtering
[John Dennis <jdennis@redhat.com>]
- fix bugs related to recording per user per signature filtering
[Karl MacMillan <kmacmill@redhat.com>]
- Add signal handling to client and server.
- Fix minor plugin bugs.
* Thu Sep 7 2006 Dan Walsh <dwalsh@redhat.com> - 0.42-1
[Karl MacMillan <kmacmill@redhat.com>]
- Add rpm information for target.
- Add hostname and uname to signature info
- Add display of the full AVC
- Add display of the analysis id
- Change html generation to be separated out and us elemmenttree
[John Dennis <jdennis@redhat.com>]
- add CommunicationChannel class to encapsulate data transfer
operations, in particular to provide an object threads can lock
during data transfer.
- checkpoint the logfile scanning code, somewhat working
* Fri Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 0.41-1
- Fix printing
* Fri Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 0.40-1
- Fix notification window problems. Now dissappears and does not regenerate if
it has already been seen
* Fri Aug 31 2006 Dan Walsh <dwalsh@redhat.com> - 0.39-1
- Add Icon
[John Dennis <jdennis@redhat.com>]
- dispatcher.py: rework how audit messages injected into the
system and processed. Much of this work was in support of log file
scanning which should be coupled to the exact same processing code
as audit messages arriving from the audit socket. In essence log
file scanning synthesizes an audit message and we inject it into
the system the same way socket messages are injected. This was
also an excellent moment correctly handle out of order audit
messages, something we were not able to handle previously. This
may have been contributing to splitting what should have been a
single alert into two or more separate alerts because we didn't
recongize the incoming audit events as a single event. Correctly
assembling out of order messages introduced a fair amount of extra
complexity as we now maintain a cache of recent audit events, this
is fully documented in dispatcher.py
- Turn notifications back on by default.
[Karl MacMillan <kmacmill@redhat.com>]
- Separated out HTML rendering and made it easier to translate.
* Fri Aug 30 2006 Dan Walsh <dwalsh@redhat.com> - 0.38-1
[Dan Walsh]
- Hook up the rest of the menu bars on browser window
- Add public_content.py plugin
[John Dennis <jdennis@redhat.com>]
- add delete_signatures() method to AlertClient class
- start using the AppBar in the browser.
- "open logfile" now connected all the way from browser menu
to server rpc, still needs implementation, but "plumbing" is working.
- fixes for the date/time dialog
- remove install of setroubleshoot.glade, we now only use
setroubleshoot_browser.glade
- some fixed to DateTimeDialog
* Fri Aug 25 2006 Dan Walsh <dwalsh@redhat.com> - 0.37-1
- Add back in the status icon
* Thu Aug 24 2006 John Dennis <jdennis@redhat.com> - 0.36-1
- change dbclear trigger to 0.35
* Thu Aug 24 2006 John Dennis <jdennis@redhat.com> - 0.35-1
- add sorting on category column and seen column in browser,
fix reference to my_draw() in print function.
- make browser window hidden by default so it does not flash
when it's first realized, connect to the "realize" signal to
initially position the vpane, add signal handlers to track
when the browser is visible, the presentation of the status
icon now checks if the browser is visible, the status icon is
not presented if the browser is already displayed.
* Thu Aug 22 2006 Dan Walsh <dwalsh@redhat.com> - 0.34-1
- Standardize on the browser. remove alert window
[John Dennis <jdennis@redhat.com>]
- remove all vestiges of popup alert, now browser is the only
UI game in town
- restore the automatic updating of the browser window which had
been a regression, the AlertClient class now emits signals which
the GUI classes can connect to receive signals from the fault server,
also fix the "mark seen" regression
- browser.py: restore mark_seen timeout
* Tue Aug 22 2006 Dan Walsh <dwalsh@redhat.com> - 0.33-1
- Spell check plugins
- fix dbus instantiation
* Tue Aug 22 2006 Dan Walsh <dwalsh@redhat.com> - 0.32-1
- Add avc_syslog to syslog translated avc message
- Fix submitbug button
[John Dennis <jdennis@redhat.com>]
- fix signature inflation, all data attached to a signature is now
encapsulated in a SEFaultSignatureInfo (siginfo) class. The GUI no
longer reaches into a signature looking for information, it looks
in the siginfo. The Plugin class now defines the method
get_signature() which report() calls to obtain the signature. The
default signature provided by the Plugin class includes the
analysisID, an AVC with just the src & target contexts, and the
object_path. All data accesses and parameters which had been "sig
and solution" are now done via the unified siginfo class. There is
still a bit more work to be done on this but this represents a
reasonble point to checkpoint the code in CVS.
* Tue Aug 22 2006 Dan Walsh <dwalsh@redhat.com> - 0.31-1
- Fix desktop
* Tue Aug 22 2006 John Dennis <jdennis@redhat.com> - 0.30-1
- fix bug #203479, missing requires of audit-libs-python
- add support to sealert to listen on a dbus session signal to display
the gui. This is needed for when the status icon is not visible and
the user wants to see the UI. There is now a seperate program
setroubleshoot_launch_gui which emits the signal.
* Tue Aug 22 2006 Dan Walsh <dwalsh@redhat.com> - 0.29-1
- Add Requires: audit-libs-python
- Add translations
* Mon Aug 21 2006 Dan Walsh <dwalsh@redhat.com> - 0.28-1
- Fix allow_execmem.py file
- Add translations
* Mon Aug 21 2006 John Dennis <jdennis@redhat.com> - 0.27-1
- load_plugins() now catches exceptions when a plugin won't load,
reports the traceback in the log file, and continues with the next
plugin. Previously a bad plugin caused the entire plugin loading
to abort and no plugins were loaded.
- Add "daemon_name" to automake variables, change pid file to match
- turn off "noreplace" on config file till things settle down a bit
- browser.py now validates data, also test for missing column data in the
cell_data function to avoid exceptions.
- add stub for analyzie_logfile() rpc call
- turn off balloon notifications by default in config file,
libnotify is just plain busted at this point :-(
- only the setroubleshootd daemon creates it's log file
under /var/log now, the user app's do it in /tmp, change file
permissions on /var/log/setroubleshoot back to 0644.
- sealert now looks up the username rather than hardcoding it to "foo"
- CamelCase to lowercase_underscore clean up
* Mon Aug 21 2006 Dan Walsh <dwalsh@redhat.com> - 0.26-1
- Zero out datbase.xml for updated browser
* Mon Aug 21 2006 Dan Walsh <dwalsh@redhat.com> - 0.25-1
- Fix 64 bit issue that caused runaway problem
* Sun Aug 20 2006 Dan Walsh <dwalsh@redhat.com> - 0.24-1
- add missing runcmd
* Thu Aug 17 2006 John Dennis <jdennis@redhat.com> - 0.23-1
- fix for bug #202206, require correct version of audit,
fixes for audit connection.
* Thu Aug 10 2006 Dan Walsh <dwalsh@redhat.com> - 0.20-1
- add html support
- remove setroubleshoot_dispatcher
* Tue Aug 8 2006 Dan Walsh <dwalsh@redhat.com> - 0.19-1
2006-08-08 Dan Walsh <dwalsh@redhat.com>
- Fix up handling of mls ranges in context
- Cleanup some pychecker errors
2006-08-07 John Dennis <jdennis@redhat.com>
- add first seen, last seen, and report count to alert detail view
- make the seen icon work, if the alert has been displayed more
than N seconds, mark the alert as having been seen by the user
and update the icon is the list view
- change the schema for the xml data; the database now has a version,
there is a local id attached to each signature, the filter list in
the siginfo was replaced by a list of per user data, the per user
data now contains the filter, seen_flag. Modify all the code which
was operating on the filter information to use the new model.
- fix the xml serialization so that booleans can be used as a basic
type and also so that non-string types can be used in element
attributes (e.g. int, bool) and the serialization code will
automatically convert between python types and strings.
* Mon Aug 7 2006 Dan Walsh <dwalsh@redhat.com> - 0.18-1
- Add dispatcher.py
* Sat Aug 5 2006 Dan Walsh <dwalsh@redhat.com> - 0.17-1
[John Dennis <jdennis@redhat.com>]
- clean up and rework the timestamp code in util.py so that
time zones are handled properly, there were a number of bugs.
Hopefully it's correct now because timezone handling is a pain.
- change the time format in the browser so all times are displayed
identically, the friendly time relative format was hard to compare.
- modify the plugin 'make install' to delete all existing plugin's
prior to installing the new ones
- add popup menu to status icon to choose between browser and
alert GUI (not fully connected yet). Several bug fixes related
to changing the filter_type from a string to an int.
- add filter selection to bottom pane, change filter_type from
string to integer constant. Enhance how columns are handled.
Get init_combo_box to work. Remove unused RPM and Bugzilla
fields from bottom pane. Modify the default size of the browser
window. Fix missing import in util.py.
- add ability in broswer to sort on columns, initially the report
count column and the last seen date column. The date column now
stores a TimeStamp object instead of a string. Add new method
to TimeStamp to return a friendly string relative to the current
time. The date column in the browser now has a cell data function
which invokes the friendly format method of the TimeStamp object.
- add ability fo serialize to/from xml for classes which can
inititialized from strings and serialized as strings (e.g. numbers,
TimeStamps, etc.)
- add count of how many times a signature is reported, the date
when first and last reported, add columns for report count and
last date count to browser.
- checkpoint browser code, list pane and detail pane now working.
- add initial support for browser applet, move some functions which
kept getting reused to util.py
- add reporting of environment to email alert (email alerts still
need work)
[Dan Walsh <dwalsh@redhat.com>]
- Fix disable_trans.py set_boolean call
- Complete all boolean plugins except disable
- Change interface to use audit unix domain socket
* Mon Jul 28 2006 Dan Walsh <dwalsh@redhat.com> - 0.16-1
[John Dennis <jdennis@redhat.com>]
- modify SetFilter in server to return errors instead of
throwing an exception. Default the filter list on each alert display.
- minor tweaks to alert queue handling
- fix analyze() parameter list in ftp_is_daemon.py plugin
- sealert now responds to pending alerts more correctly, it shows
how many pending alerts are in the queue, if you filter the pending
alert status is updated, the next alert button will advance you
to the next alert in the queue
- simplify major pieces of sealert by coalescing common code
into subroutines.
[Dan Walsh <dwalsh@redhat.com>]
- Complete all boolean plugins except disable
- Make Close button work.
- Make setroubleshoot_dispatcher exit if it gets an avc about itself
* Mon Jul 26 2006 Dan Walsh <dwalsh@redhat.com> - 0.15-1
[Karl MacMillan <kmacmill@redhat.com>]
- Add generic templating mechanism to Plugin
- Ported all plugins to use templating mechanism
* Sat Jul 22 2006 Dan Walsh <dwalsh@redhat.com> - 0.13-1
- Fixes to plugins
- Fixes to dispatcher
* Fri Jul 21 2006 Dan Walsh <dwalsh@redhat.com> - 0.12-1
- Fix problem in dispatcher
* Fri Jul 21 2006 John Dennis <jdennis@redhat.com> - 0.11-1
- add email alerts
- stop the status icon from blinking, add notification balloon.
* Fri Jul 21 2006 Dan Walsh <dwalsh@redhat.com> - 0.10-1
- Fix startup order for setrobleshoot
- Fix Plugins
* Tue Jul 20 2006 Dan Walsh <dwalsh@redhat.com> - 0.9-1
- Additional Plugins plus a lot of cleanup
* Mon Jul 19 2006 Dan Walsh <dwalsh@redhat.com> - 0.8-1
- Added a bunch more plugins
[Karl MacMillan <kmacmill@redhat.com>]
- Add allow_cvs_read_shadow.py, allow_ftp_use_cifs, allow_ftp_use_nfs, and allow_gssd_read_tmp.
- Change AVC to have additional helpers for matching messages.
- Change Plugin to work better with more than one solution.
* Mon Jul 19 2006 Dan Walsh <dwalsh@redhat.com> - 0.7-1
- Fix setroubleshoot_dispatcher to catch all information from
avc. Much cleaner interface and no longer uses audit2allow cruft.
- Remove toolbar from popup window since it did nothing, and I
think it looks better without it.
- fix allow_execmod plugin to report better data.
* Mon Jun 26 2006 John Dennis <jdennis@redhat.com> - 0.3-1
- add missing /var/log directory %files section in spec file,
and add logrotate script
* Mon Jun 26 2006 John Dennis <jdennis@redhat.com> - 0.2-1
- clean up spec file, reduce rpmlint complaints
* Fri May 19 2006 John Dennis <jdennis@redhat.com> - 0.1-1
- Initial build.