Compare commits
No commits in common. "c8" and "c9s" have entirely different histories.
1
.fmf/version
Normal file
1
.fmf/version
Normal file
@ -0,0 +1 @@
|
|||||||
|
1
|
126
.gitignore
vendored
126
.gitignore
vendored
@ -1 +1,125 @@
|
|||||||
SOURCES/setroubleshoot-plugins-3.3.14.tar.gz
|
setroubleshoot-plugins-2.0.4.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.7.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.8.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.9.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.10.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.11.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.12.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.14.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.15.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.16.tar.gz
|
||||||
|
setroubleshoot-plugins-2.0.18.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.1.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.2.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.3.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.4.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.5.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.7.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.8.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.9.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.11.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.12.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.13.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.14.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.15.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.16.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.18.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.19.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.20.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.21.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.22.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.23.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.24.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.25.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.26.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.27.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.28.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.29.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.30.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.32.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.33.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.34.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.35.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.36.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.37.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.38.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.39.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.40.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.41.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.42.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.43.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.45.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.46.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.47.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.49.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.50.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.51.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.52.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.53.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.54.tar.gz
|
||||||
|
setroubleshoot-plugins-2.1.55.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.0.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.1.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.2.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.3.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.4.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.5.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.6.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.7.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.8.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.9.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.10.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.11.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.12.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.13.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.14.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.17.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.18.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.21.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.22.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.23.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.24.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.25.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.27.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.28.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.30.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.31.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.32.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.33.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.34.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.35.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.36.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.38.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.39.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.40.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.41.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.42.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.45.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.47.tar.gz
|
||||||
|
*.rpm
|
||||||
|
/setroubleshoot-plugins-3.0.48.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.49.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.50.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.51.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.52.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.53.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.54.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.55.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.57.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.58.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.59.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.60.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.0.61.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.1.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.2.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.3.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.4.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.5.1.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.6.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.7.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.8.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.9.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.10.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.11.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.12.tar.gz
|
||||||
|
/setroubleshoot-plugins-3.3.14.tar.gz
|
||||||
|
@ -1 +1 @@
|
|||||||
3ab5cfea9ae81f50f0e103d9eadd6a596140158d SOURCES/setroubleshoot-plugins-3.3.14.tar.gz
|
3ab5cfea9ae81f50f0e103d9eadd6a596140158d setroubleshoot-plugins-3.3.14.tar.gz
|
||||||
|
26
0001-restorecon.py-exclude-more-paths.patch
Normal file
26
0001-restorecon.py-exclude-more-paths.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From 0f508191647a41f92264c0c8fc877b0110bbd468 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <plautrba@redhat.com>
|
||||||
|
Date: Tue, 10 Aug 2021 20:11:20 +0200
|
||||||
|
Subject: [PATCH] restorecon.py: exclude more paths
|
||||||
|
|
||||||
|
It doesn't make sense to run restorecon on /sys/ /proc/ and /memfd:
|
||||||
|
---
|
||||||
|
src/restorecon.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/restorecon.py b/src/restorecon.py
|
||||||
|
index e3044c742367..9594c0d59d96 100644
|
||||||
|
--- a/src/restorecon.py
|
||||||
|
+++ b/src/restorecon.py
|
||||||
|
@@ -39,7 +39,7 @@ def customizable(target):
|
||||||
|
|
||||||
|
|
||||||
|
# List of path prefixes for which this plugin is not executed
|
||||||
|
-excluded_paths = ["/sys/fs"]
|
||||||
|
+excluded_paths = ["/sys/", "/proc/", "/memfd:"]
|
||||||
|
# Test if the specified path starts with some excluded prefix
|
||||||
|
def excluded_path(target_path):
|
||||||
|
for path in excluded_paths:
|
||||||
|
--
|
||||||
|
2.32.0
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
6
gating.yaml
Normal file
6
gating.yaml
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
--- !Policy
|
||||||
|
product_versions:
|
||||||
|
- rhel-9
|
||||||
|
decision_context: osci_compose_gate
|
||||||
|
rules:
|
||||||
|
- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
|
6
plans/tests.fmf
Normal file
6
plans/tests.fmf
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
summary: Tier 1 setroubleshoot-plugins test plan
|
||||||
|
discover:
|
||||||
|
how: fmf
|
||||||
|
execute:
|
||||||
|
how: tmt
|
||||||
|
|
@ -1,19 +1,24 @@
|
|||||||
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}}
|
||||||
|
|
||||||
|
# Disable automatic compilation of Python files in extra directories
|
||||||
|
%global _python_bytecompile_extra 0
|
||||||
|
|
||||||
Summary: Analysis plugins for use with setroubleshoot
|
Summary: Analysis plugins for use with setroubleshoot
|
||||||
Name: setroubleshoot-plugins
|
Name: setroubleshoot-plugins
|
||||||
Version: 3.3.14
|
Version: 3.3.14
|
||||||
Release: 1%{?dist}
|
Release: 4%{?dist}
|
||||||
License: GPLv2+
|
License: GPLv2+
|
||||||
Group: Applications/System
|
URL: https://github.com/fedora-selinux/setroubleshoot
|
||||||
URL: https://gitlab.com/setroubleshoot/plugins
|
|
||||||
Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
|
Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
|
||||||
# https://pagure.io/setroubleshoot
|
# git format-patch -N setroubleshoot-plugins-<version> -- plugins
|
||||||
# git format-patch -N setroubleshoot-plugins-<version>
|
|
||||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||||
Patch0001: 0001-Update-translations.patch
|
Patch0001: 0001-restorecon.py-exclude-more-paths.patch
|
||||||
BuildArch: noarch
|
BuildArch: noarch
|
||||||
|
|
||||||
|
# gcc is needed only for ./configure
|
||||||
|
# Remove it when the build process is fixed
|
||||||
|
BuildRequires: gcc
|
||||||
|
BuildRequires: make
|
||||||
BuildRequires: perl-XML-Parser
|
BuildRequires: perl-XML-Parser
|
||||||
BuildRequires: intltool gettext python3-devel
|
BuildRequires: intltool gettext python3-devel
|
||||||
# Introduction of get_package_nvr functions
|
# Introduction of get_package_nvr functions
|
||||||
@ -34,50 +39,77 @@ make PYTHON=%{__python3}
|
|||||||
|
|
||||||
%install
|
%install
|
||||||
rm -rf %{buildroot}
|
rm -rf %{buildroot}
|
||||||
make DESTDIR=%{buildroot} PYTHON=%{__python3} pkgdocdir=%{_pkgdocdir} install
|
%make_install PYTHON=%{__python3} pkgdocdir=%{_pkgdocdir}
|
||||||
%find_lang %{name}
|
%find_lang %{name}
|
||||||
|
# Manually invoke the python byte compile macro for each path that needs byte
|
||||||
%clean
|
# compilation.
|
||||||
rm -rf %{buildroot}
|
%py_byte_compile %{__python3} %{buildroot}%{_datadir}/setroubleshoot/plugins
|
||||||
|
|
||||||
%files -f %{name}.lang
|
%files -f %{name}.lang
|
||||||
%defattr(-,root,root,-)
|
|
||||||
%doc %{_pkgdocdir}
|
%doc %{_pkgdocdir}
|
||||||
%{_datadir}/setroubleshoot/plugins
|
%{_datadir}/setroubleshoot/plugins
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Sep 27 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.14-1
|
* Fri Sep 3 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.14-4
|
||||||
- Update translations (#1962034)
|
- restorecon.py: exclude more paths (#1960136)
|
||||||
|
|
||||||
* Wed Aug 12 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.13-1
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.14-3
|
||||||
- Add 'fur' into shipped locales
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
- Update translations (#1820571)
|
Related: rhbz#1991688
|
||||||
|
|
||||||
* Tue Apr 28 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.12-1
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.14-2
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Mon Mar 29 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.14-1
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.12-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.12-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.3.12-2
|
||||||
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
|
* Tue Apr 21 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.12-1
|
||||||
- Use get_package_nvr* functions instead of get_rpm_nvr*
|
- Use get_package_nvr* functions instead of get_rpm_nvr*
|
||||||
- Update deprecated type references (#1829306)
|
- Update deprecated type references
|
||||||
|
- Update translations
|
||||||
|
|
||||||
* Fri Jan 17 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.11-2
|
* Thu Jan 30 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.11-1
|
||||||
- Update translations (#1754992)
|
- Add plugin which analyzes execmem denials
|
||||||
|
|
||||||
* Mon Nov 18 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.11-1
|
|
||||||
- Add plugin which analyzes execmem denials (#1649842)
|
|
||||||
- Add missing "If " strings
|
- Add missing "If " strings
|
||||||
|
- Update qemu_blk_image and qemu_file_image
|
||||||
|
- Update "xen_image" plugin
|
||||||
|
- Update "file" plugin
|
||||||
|
- Update "missing" scripts to automake-1.15
|
||||||
|
|
||||||
* Mon Aug 19 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.10-3
|
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.10-4
|
||||||
- Rebuild with gating enabled (#1682462)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
|
|
||||||
* Fri Aug 16 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.10-2
|
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.10-3
|
||||||
- update "file" plugin (#1649818)
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||||
- Update "xen_image" plugin (#1649831)
|
|
||||||
- Update qemu_blk_image and qemu_file_image (#1649838)
|
|
||||||
|
|
||||||
* Fri Dec 7 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.10-1
|
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.10-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Dec 8 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.10-1
|
||||||
- Handle no "allowed_target_types" properly
|
- Handle no "allowed_target_types" properly
|
||||||
- bind_ports: Do not use when there are no allowed_target_types
|
- bind_ports: Do not use when there are no allowed_target_types
|
||||||
- Fix summary and "if" text for AVCs with unknown target path
|
- Fix summary and "if" text for AVCs with unknown target path
|
||||||
- plugins: Update translations
|
- plugins: Update translations
|
||||||
|
|
||||||
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.9-6
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 3.3.9-5
|
||||||
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
|
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.9-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
||||||
|
|
||||||
* Thu Nov 23 2017 Petr Lautrbach <plautrba@redhat.com> - 3.3.9-3
|
* Thu Nov 23 2017 Petr Lautrbach <plautrba@redhat.com> - 3.3.9-3
|
||||||
- Update translations
|
- Update translations
|
||||||
|
|
1
sources
Normal file
1
sources
Normal file
@ -0,0 +1 @@
|
|||||||
|
SHA512 (setroubleshoot-plugins-3.3.14.tar.gz) = da6882a998aeade67891a722a5b94e2ba1072d9db5d73031854a2c0b51083a0eaf9519dd7987938a86c1f8d263d08882642ac447d7b4bbcd8a859db4b44d61c1
|
18
tests/Regression/use-of-aliases-in-plugins/main.fmf
Normal file
18
tests/Regression/use-of-aliases-in-plugins/main.fmf
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
summary: Make sure all types used in setroubleshoot plugins are defined in the policy
|
||||||
|
and are not aliases
|
||||||
|
contact: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
component:
|
||||||
|
- setroubleshoot-plugins
|
||||||
|
test: ./runtest.sh
|
||||||
|
framework: beakerlib
|
||||||
|
recommend:
|
||||||
|
- git
|
||||||
|
- libselinux-utils
|
||||||
|
- setroubleshoot-plugins
|
||||||
|
- policycoreutils
|
||||||
|
- selinux-policy-targeted
|
||||||
|
- python3-policycoreutils
|
||||||
|
- /usr/bin/python3
|
||||||
|
duration: 10m
|
||||||
|
extra-summary: /CoreOS/setroubleshoot-plugins/Regression/use-of-aliases-in-plugins
|
||||||
|
extra-task: /CoreOS/setroubleshoot-plugins/Regression/use-of-aliases-in-plugins
|
49
tests/Regression/use-of-aliases-in-plugins/runtest.sh
Executable file
49
tests/Regression/use-of-aliases-in-plugins/runtest.sh
Executable file
@ -0,0 +1,49 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# runtest.sh of /CoreOS/setroubleshoot-plugins/Regression/use-of-aliases-in-plugins
|
||||||
|
# Description: Make sure all types used in setroubleshoot plugins are
|
||||||
|
# defined in the policy and are not aliases
|
||||||
|
# Author: Vit Mojzis <vmojzis@redhat.com>
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
#
|
||||||
|
# Copyright (c) 2020 Red Hat, Inc.
|
||||||
|
#
|
||||||
|
# This program is free software: you can redistribute it and/or
|
||||||
|
# modify it under the terms of the GNU General Public License as
|
||||||
|
# published by the Free Software Foundation, either version 2 of
|
||||||
|
# the License, or (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be
|
||||||
|
# useful, but WITHOUT ANY WARRANTY; without even the implied
|
||||||
|
# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
# PURPOSE. See the GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with this program. If not, see http://www.gnu.org/licenses/.
|
||||||
|
#
|
||||||
|
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
# Include Beaker environment
|
||||||
|
. /usr/share/beakerlib/beakerlib.sh || exit 1
|
||||||
|
|
||||||
|
PACKAGE="setroubleshoot-plugins"
|
||||||
|
|
||||||
|
rlJournalStart
|
||||||
|
rlPhaseStartSetup
|
||||||
|
rlAssertRpm ${PACKAGE}
|
||||||
|
rlRun "selinuxenabled" 0
|
||||||
|
rlPhaseEnd
|
||||||
|
|
||||||
|
rlPhaseStartTest "bz#1794807 - look for aliases and undefined types in plugins"
|
||||||
|
# lists all types not defined in the policy as "type_t not found"
|
||||||
|
# and all aliases as "alias_t is an alias of type_t"
|
||||||
|
# all issues are prefixed with a list of offending plugins
|
||||||
|
# returns 1 if an issue was found
|
||||||
|
rlRun "./test_aliases.py" 0
|
||||||
|
rlPhaseEnd
|
||||||
|
rlJournalPrintText
|
||||||
|
rlJournalEnd
|
||||||
|
|
65
tests/Regression/use-of-aliases-in-plugins/test_aliases.py
Executable file
65
tests/Regression/use-of-aliases-in-plugins/test_aliases.py
Executable file
@ -0,0 +1,65 @@
|
|||||||
|
#!/usr/bin/python3
|
||||||
|
|
||||||
|
# lists all types not defined in the policy as "type_t not found"
|
||||||
|
# and all aliases as "alias_t is an alias of type_t"
|
||||||
|
# all issues are prefixed with a list of offending plugins
|
||||||
|
# returns 1 if an issue was found
|
||||||
|
|
||||||
|
import subprocess
|
||||||
|
import sepolicy
|
||||||
|
import sys
|
||||||
|
import re
|
||||||
|
from collections import defaultdict
|
||||||
|
|
||||||
|
plugin_path = "/usr/share/setroubleshoot/plugins"
|
||||||
|
error_code = 0
|
||||||
|
|
||||||
|
if len(sys.argv) > 1:
|
||||||
|
plugin_path = sys.argv[1]
|
||||||
|
|
||||||
|
try:
|
||||||
|
# search all plugin files in given location for the following pattern
|
||||||
|
# <plugin path>:<delimiter><type name>_t<delimiter>
|
||||||
|
g = subprocess.check_output('grep -I [^A-Za-z_][A-Za-z][A-Za-z_]*_t[^A-Za-z_] -o {}/*.py'.format(plugin_path),
|
||||||
|
universal_newlines=True, shell=True)
|
||||||
|
lines = g.split('\n')
|
||||||
|
except:
|
||||||
|
exit(1)
|
||||||
|
# matches 2 groups: file name and type name
|
||||||
|
# <path to plugins>(<plugin file name>):<delimiter>(<type name>_t)<delimiter>
|
||||||
|
reg = re.compile('.*/(.+):[^A-Za-z_]([A-Za-z_]*_t)[^A-Za-z_]')
|
||||||
|
# generate a dictionary of of all type names used in setroubleshoot plugins
|
||||||
|
# where types are keys and lists of files where each type appeared are data
|
||||||
|
found = defaultdict(set)
|
||||||
|
|
||||||
|
for l in lines:
|
||||||
|
m = reg.match(l)
|
||||||
|
|
||||||
|
if m is None:
|
||||||
|
continue
|
||||||
|
|
||||||
|
try:
|
||||||
|
t = m.group(2)
|
||||||
|
if "_TYPE_" in t:
|
||||||
|
continue
|
||||||
|
found[t].add(m.group(1))
|
||||||
|
except:
|
||||||
|
# failed to match
|
||||||
|
continue
|
||||||
|
|
||||||
|
for t in sorted(found.keys()):
|
||||||
|
try:
|
||||||
|
# try to find each type in system policy
|
||||||
|
i = next(sepolicy.info(sepolicy.TYPE, t))['name']
|
||||||
|
if t != i:
|
||||||
|
# <plugin file names>: alias_t is an alias of type_t
|
||||||
|
print("{}: {} is an alias of {}".format(", ".join(found[t]), t, i))
|
||||||
|
error_code = 1
|
||||||
|
except:
|
||||||
|
# skip types defined in selinux-policy modules that are not shipped any more
|
||||||
|
if t not in ["vbetool_t"]:
|
||||||
|
# <plugin file names>: type_t not found
|
||||||
|
print("{}: {} not found".format(", ".join(found[t]), t))
|
||||||
|
error_code = 1
|
||||||
|
|
||||||
|
exit(error_code)
|
Loading…
Reference in New Issue
Block a user