From 5242f26ab29c7787a6071d10bf613e6b283512ef Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Mon, 24 Feb 2020 19:04:25 +0100
Subject: [PATCH] Export setroubleshoot.utils.get_rpm_nvr_by_scontext via DBUS
$ dbus-send --system --print-reply --dest=org.fedoraproject.SetroubleshootPrivileged \
/org/fedoraproject/SetroubleshootPrivileged/object \
org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext \
string:"system_u:system_r:mysqld_log_t:s0"
org.fedoraproject.SetroubleshootPrivileged is available only to the
`setroubleshoot` user; it is meant to be a privileged helper used
by `setroubleshootd`.
---
framework/Makefile.am | 7 ++-
...edoraproject.SetroubleshootPrivileged.conf | 20 +++++++
...raproject.SetroubleshootPrivileged.service | 4 ++
framework/src/Makefile.am | 3 +-
framework/src/SetroubleshootPrivileged.py | 57 +++++++++++++++++++
5 files changed, 88 insertions(+), 3 deletions(-)
create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.conf
create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.service
create mode 100644 framework/src/SetroubleshootPrivileged.py
diff --git a/framework/Makefile.am b/framework/Makefile.am
index 56a8b37fa037..f330b7c3e112 100644
--- a/framework/Makefile.am
+++ b/framework/Makefile.am
@@ -14,12 +14,15 @@ dbus_session_DATA = sealert.service
dbus_systemservicedir = $(datadir)/dbus-1/system-services
dbus_systemservice_DATA = \
org.fedoraproject.Setroubleshootd.service \
- org.fedoraproject.SetroubleshootFixit.service
+ org.fedoraproject.SetroubleshootFixit.service \
+ org.fedoraproject.SetroubleshootPrivileged.service
dbus_systemdir = $(sysconfdir)/dbus-1/system.d
dbus_system_DATA = \
org.fedoraproject.Setroubleshootd.conf \
- org.fedoraproject.SetroubleshootFixit.conf
+ org.fedoraproject.SetroubleshootFixit.conf \
+ org.fedoraproject.SetroubleshootPrivileged.conf
+
polkit_systemdir = $(datadir)/polkit-1/actions
polkit_system_DATA = \
diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.conf b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
new file mode 100644
index 000000000000..aaa0a0f661d3
--- /dev/null
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
+
+<!DOCTYPE busconfig PUBLIC
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
+<busconfig>
+
+ <!-- Only root can own the service -->
+ <policy user="root">
+ <allow own="org.fedoraproject.SetroubleshootPrivileged"/>
+ </policy>
+
+ <policy user="setroubleshoot">
+ <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
+ send_interface="org.fedoraproject.SetroubleshootPrivileged"/>
+ <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
+ send_interface="org.freedesktop.DBus.Introspectable"/>
+ </policy>
+
+</busconfig>
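Review bot: The `<policy user="setroubleshoot">` block has no comment, and nothing in the file says that every other caller is kept out only by the system bus's default deny of method calls. I would add `<!-- Only the setroubleshoot user may call the helper -->` above that block. Also consider an explicit `<policy context="default"><deny send_destination="org.fedoraproject.SetroubleshootPrivileged"/></policy>`, so the restriction no longer depends on bus-wide defaults configured elsewhere. The service file in this patch sets `User=root`, so the deny is worth stating in this file.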
diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.service b/framework/org.fedoraproject.SetroubleshootPrivileged.service
new file mode 100644
index 000000000000..7a454589a31d
--- /dev/null
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.service
@@ -0,0 +1,4 @@
+[D-BUS Service]
+Name=org.fedoraproject.SetroubleshootPrivileged
+Exec=/usr/share/setroubleshoot/SetroubleshootPrivileged.py
+User=root
diff --git a/framework/src/Makefile.am b/framework/src/Makefile.am
index e1782d585e8d..bf53763b3084 100644
--- a/framework/src/Makefile.am
+++ b/framework/src/Makefile.am
@@ -38,7 +38,8 @@ pkglibexec_SCRIPTS = \
pkgdir = $(datarootdir)/setroubleshoot
pkg_SCRIPTS = \
SetroubleshootFixit.py \
- updater.py
+ updater.py \
+ SetroubleshootPrivileged.py
pkgconfig_DATA = \
setroubleshoot.conf \
diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
new file mode 100644
index 000000000000..858115bbe5ae
--- /dev/null
+++ b/framework/src/SetroubleshootPrivileged.py
@@ -0,0 +1,57 @@
+#!/usr/bin/python3
+
+# Authors: Petr Lautrbach <plautrba@redhat.com>
+#
+# Copyright (C) 2020 Red Hat, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+import dbus
+import dbus.service
+from dbus.mainloop.glib import DBusGMainLoop
+from gi.repository import GLib
+import setroubleshoot.util
+import signal
+
+DBusGMainLoop(set_as_default=True)
+
+class Privileged(dbus.service.Object):
+
+ def __init__(self, timeout=10):
+ self.timeout = timeout
+ self.alarm(self.timeout)
+
+ bus = dbus.SystemBus()
+ bus.request_name("org.fedoraproject.SetroubleshootPrivileged")
+ bus_name = dbus.service.BusName("org.fedoraproject.SetroubleshootPrivileged", bus=bus)
+ dbus.service.Object.__init__(self, bus_name, "/org/fedoraproject/SetroubleshootPrivileged/object")
+
+ def alarm(self, timeout=10):
+ signal.alarm(timeout)
+
+ @dbus.service.method("org.fedoraproject.SetroubleshootPrivileged", in_signature='s', out_signature='s')
+ def get_rpm_nvr_by_scontext(self, scontext):
+ signal.alarm(self.timeout)
+ rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
+ if rpmnvr is None:
+ return ""
+
+ return rpmnvr
+
+if __name__ == "__main__":
+ privileged = Privileged()
+
+ loop = GLib.MainLoop()
+ loop.run()
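Review bot: `get_rpm_nvr_by_scontext` hands the caller's `scontext` string to `setroubleshoot.util.get_rpm_nvr_by_scontext` as root with no check of its own, so its safety rests on that helper (not shown in this patch) and on the bus policy alone. A cheap guard before the call, such as `if len(scontext) > 255 or scontext.count(":") < 2: return ""`, would reject strings that cannot be a security context; these limits are illustrative and should be confirmed against what the helper accepts. The class has no docstring, and the idle timeout is implicit: no SIGALRM handler is installed, so `signal.alarm` ends the process. A comment such as `# no SIGALRM handler is installed: the helper exits after self.timeout idle seconds` would make that clear. The `bus.request_name(...)` call in `__init__` also looks redundant, since `dbus.service.BusName(...)` requests the name itself.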
--
2.25.1