setroubleshoot/0008-Add-Local-SELinux-policy-package-version-to-analyses.patch

61 lines
3.4 KiB
Diff
Raw Normal View History

From 74926ff27b35329819d74ea53eef2aff376cc6e1 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 25 Feb 2020 10:36:06 +0100
Subject: [PATCH] Add Local SELinux policy package version to analyses reports
Sometimes a SELinux domain is shipped by other than selinux-policy packages. In
this case it's useful to report other package policy version together with
selinux-policy version, e.g. for the following AVC:
type=AVC msg=audit(1582621541.469:6896): avc: denied { write } for pid=1627505 comm="python3" name="plautrba" dev="dm-4" ino=19529729 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1
a report will contain the following lines:
SELinux Policy RPM selinux-policy-3.14.5-24.fc32.1.contrib.50770ffc2a14.noarch
Local Policy RPM mysql-selinux-1.0.0-9.fc32.noarch
---
framework/src/setroubleshoot/signature.py | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/framework/src/setroubleshoot/signature.py b/framework/src/setroubleshoot/signature.py
index 711c2875f5a4..7287eec8af61 100755
--- a/framework/src/setroubleshoot/signature.py
+++ b/framework/src/setroubleshoot/signature.py
@@ -120,6 +120,7 @@ class SEEnvironment(XmlSerialize):
'kernel': {'XMLForm': 'element'},
'policy_type': {'XMLForm': 'element'},
'policy_rpm': {'XMLForm': 'element'},
+ 'local_policy_rpm': {'XMLForm': 'element'},
'enforce': {'XMLForm': 'element'},
'selinux_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
'selinux_mls_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
@@ -141,6 +142,7 @@ class SEEnvironment(XmlSerialize):
self.platform, self.kernel = get_os_environment()
self.policy_type = selinux.selinux_getpolicytype()[1]
self.policy_rpm = get_rpm_nvr_by_name("selinux-policy")
+ self.local_policy_rpm = self.policy_rpm
self.policyvers = str(selinux.security_policyvers())
enforce = selinux.security_getenforce()
if enforce == 0:
@@ -312,6 +314,7 @@ class SEFaultSignatureInfo(XmlSerialize):
setattr(self, k, v)
self.report_count = 1
self.plugin_list = []
+ self.environment.local_policy_rpm = get_rpm_nvr_by_scontext(self.scontext, use_dbus=True)
def update_merge(self, siginfo):
if siginfo.last_seen_date != self.last_seen_date:
@@ -524,7 +527,8 @@ class SEFaultSignatureInfo(XmlSerialize):
text += format_2_column_name_value(_("Host"), default_text(self.sig.host))
text += format_2_column_name_value(_("Source RPM Packages"), default_text(self.format_rpm_list(self.src_rpm_list)))
text += format_2_column_name_value(_("Target RPM Packages"), default_text(self.format_rpm_list(self.tgt_rpm_list)))
- text += format_2_column_name_value(_("Policy RPM"), default_text(env.policy_rpm))
+ text += format_2_column_name_value(_("SELinux Policy RPM"), default_text(env.policy_rpm))
+ text += format_2_column_name_value(_("Local Policy RPM"), default_text(env.local_policy_rpm))
text += format_2_column_name_value(_("Selinux Enabled"), default_text(env.selinux_enabled))
text += format_2_column_name_value(_("Policy Type"), default_text(env.policy_type))
text += format_2_column_name_value(_("Enforcing Mode"), default_text(env.enforce))
--
2.25.1