From 05aacc00c1525759c5371164733bd1749a4907cb Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Wed, 19 Jan 2022 13:40:47 +0100
Subject: [PATCH] Improve DSP module reporting
---
0001-util.py-Improve-doctest-tests.patch | 95 +++++++++++++++++++
...odules-in-usr-share-selinux-packages.patch | 54 +++++++++++
...use-rpm-source-package-for-reporting.patch | 37 ++++++++
setroubleshoot.spec | 5 +-
4 files changed, 190 insertions(+), 1 deletion(-)
create mode 100644 0001-util.py-Improve-doctest-tests.patch
create mode 100644 0002-Look-for-modules-in-usr-share-selinux-packages.patch
create mode 100644 0003-Always-use-rpm-source-package-for-reporting.patch
diff --git a/0001-util.py-Improve-doctest-tests.patch b/0001-util.py-Improve-doctest-tests.patch
new file mode 100644
index 0000000..736882f
--- /dev/null
+++ b/0001-util.py-Improve-doctest-tests.patch
@@ -0,0 +1,95 @@
+From def9fd0c22e43e437f867eb1f4bafc7c4a68898b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 18 Jan 2022 11:59:40 +0100
+Subject: [PATCH] util.py: Improve doctest tests
+
+Usage:
+ # python3 -m doctest -v src/setroubleshoot/util.py
+---
+ src/setroubleshoot/util.py | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
+index 02c4f752e690..de10c7319138 100755
+--- a/src/setroubleshoot/util.py
++++ b/src/setroubleshoot/util.py
+@@ -321,7 +321,7 @@ def default_date_text(date):
+
+ def get_standard_directories():
+ """
+->>> get_standard_directories()
++>>> get_standard_directories() # doctest: +ELLIPSIS
+ [...'/bin'...]
+ """
+ lst = []
+@@ -347,8 +347,8 @@ def get_rpm_nvr_from_header(hdr):
+
+ def get_package_nvr_by_name(name):
+ """
+->>> get_package_nvr_by_name("coreutils")
+-'coreutils-8.30-3+b1:amd64'
++>>> get_package_nvr_by_name("coreutils")[0:9]
++'coreutils'
+ """
+ if name is None:
+ return None
+@@ -369,8 +369,8 @@ def get_package_nvr_by_name(name):
+
+ def get_package_nvr_by_file_path(name):
+ """
+->>> get_package_nvr_by_file_path("/bin/ls")
+-'coreutils-8.30-3+b1:amd64'
++>>> get_package_nvr_by_file_path("/bin/ls")[0:9]
++'coreutils'
+ """
+ if name is None:
+ return None
+@@ -424,11 +424,11 @@ Finds an SELinux module which defines given SELinux type
+
+ ##### usage
+
+->>> get_rpm_nvr_by_type("sshd_t")
+-'selinux-policy-...
++>>> get_rpm_nvr_by_type("sshd_t")[0:14]
++'selinux-policy'
+
+->>> get_rpm_nvr_by_type("mysqld_log_t")
+-'mysql-selinux-...
++>>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
++'mysql-selinux'
+
+ """
+
+@@ -511,14 +511,14 @@ Finds an SELinux module which defines given SELinux context
+
+ ##### usage
+
+->>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
+-'selinux-policy-...
++>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")[0:14]
++'selinux-policy'
+
+->>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
+-'mysql-selinux-...
++>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")[0:13]
++'mysql-selinux'
+
+->>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
+-'selinux-policy-...
++>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)[0:14]
++'selinux-policy'
+
+ """
+ if use_dbus:
+@@ -542,6 +542,8 @@ def get_rpm_source_package(name):
+ >>> get_rpm_source_package("selinux-policy-targeted")
+ 'selinux-policy'
+
++ >>> get_rpm_source_package("selinux-policy-targeted-35.8-1.fc35.noarch")
++ 'selinux-policy'
+ """
+ if name is None:
+ return None
+--
+2.34.1
+
diff --git a/0002-Look-for-modules-in-usr-share-selinux-packages.patch b/0002-Look-for-modules-in-usr-share-selinux-packages.patch
new file mode 100644
index 0000000..be7a1dd
--- /dev/null
+++ b/0002-Look-for-modules-in-usr-share-selinux-packages.patch
@@ -0,0 +1,54 @@
+From 93a63babd44e8fc7652b4e6c3c078133f234310f Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 18 Jan 2022 15:59:09 +0100
+Subject: [PATCH] Look for modules in /usr/share/selinux/packages
+
+Not all packages shipping SELinux modules own their directory in
+/var/lib/selinux/... Some of them own just .pp.bz2 file in
+/usr/share/selinux/packages. Lets look there when we try to detect the
+right component for the report.
+---
+ src/setroubleshoot/util.py | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
+index de10c7319138..1405bb84c342 100755
+--- a/src/setroubleshoot/util.py
++++ b/src/setroubleshoot/util.py
+@@ -430,6 +430,9 @@ Finds an SELinux module which defines given SELinux type
+ >>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
+ 'mysql-selinux'
+
++>>> get_rpm_nvr_by_type("spc_t")[0:17]
++'container-selinux'
++
+ """
+
+ if module_type_cache is None:
+@@ -439,7 +442,22 @@ Finds an SELinux module which defines given SELinux type
+
+ path = module_type_cache.get(selinux_type, None)
+
+- return get_package_nvr_by_file_path(path)
++ if path is None:
++ return None
++
++ package = get_package_nvr_by_file_path(path)
++
++ if package is None:
++ module_name = path.split('/')[-1]
++ path = '/usr/share/selinux/packages/' + module_name + '.pp'
++ package = get_package_nvr_by_file_path(path)
++ if package is None:
++ path += '.bz2'
++ package = get_package_nvr_by_file_path(path)
++
++ return package
++
++
+
+ # check if given string represents an integer
+ def __str_is_int(str):
+--
+2.34.1
+
diff --git a/0003-Always-use-rpm-source-package-for-reporting.patch b/0003-Always-use-rpm-source-package-for-reporting.patch
new file mode 100644
index 0000000..fad0100
--- /dev/null
+++ b/0003-Always-use-rpm-source-package-for-reporting.patch
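Review bot: The fallback added to `get_rpm_nvr_by_type` by the util.py patch carried in 0002 probes only `/usr/share/selinux/packages/<module>.pp` and then `.pp.bz2` directly in that directory, so a package that installs its module in a subdirectory there (an assumption; no such layout is shown in this patch) still resolves to `None` and the report component stays unattributed. `path.split('/')[-1]` also produces an empty module name when the cached path ends in `/`, which turns the probe into `/usr/share/selinux/packages/.pp`; stripping the trailing slash first, `module_name = path.rstrip('/').split('/')[-1]`, avoids that. The docstring does not mention the second lookup, and a comment above it such as `# module directory not owned by any rpm: try the packaged .pp / .pp.bz2 file` would record why it exists. The function's signature and the cache setup are outside the inner hunk.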
@@ -0,0 +1,37 @@
+From 2dbf243d535c3b8dca5fa3b4e360ca8c6959f68d Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach
+Date: Tue, 18 Jan 2022 12:01:03 +0100
+Subject: [PATCH] Always use rpm source package for reporting
+
+Originally when a module wasn't owned by any package policy_rpm, e.g.
+selinux-policy-targeted..., was used. In Red Hat bugzilla there's no
+component selinux-policy-targeted therefore we need to use source
+package name when reporting a problem.
+
+Fixes:
+fatal: RPC failed at server. There is no component named 'selinux-policy-targeted-35.8-1.fc35.noarch' in the 'Fedora' product.
+---
+ src/setroubleshoot/browser.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/setroubleshoot/browser.py b/src/setroubleshoot/browser.py
+index 3203f75e0c17..48015834fe57 100644
+--- a/src/setroubleshoot/browser.py
++++ b/src/setroubleshoot/browser.py
+@@ -1002,9 +1002,10 @@ class BugReport:
+ text_buf = self.error_submit_text.get_buffer()
+ content = text_buf.get_text(text_buf.get_start_iter(),
+ text_buf.get_end_iter(), False)
+- local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
+- if local_policy_package is None:
+- local_policy_package = self.alert.environment.policy_rpm
++ local_policy_rpm = self.alert.environment.local_policy_rpm
++ if not local_policy_rpm:
++ local_policy_rpm = self.alert.environment.policy_rpm
++ local_policy_package = get_rpm_source_package(local_policy_rpm)
+ signature = report.createAlertSignature(str(local_policy_package),
+ "setroubleshoot",
+ self.alert.get_hash(),
+--
+2.34.1
+
diff --git a/setroubleshoot.spec b/setroubleshoot.spec
index 1b205dd..184603a 100644
--- a/setroubleshoot.spec
+++ b/setroubleshoot.spec
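Review bot: After the browser.py change carried in 0003, `local_policy_package` can still be `None` when it reaches `str(local_policy_package)`, because `get_rpm_source_package` returns `None` for a `None` name (visible in the util.py context of 0001) and `policy_rpm` may itself be unset; the component passed to `report.createAlertSignature` is then the literal string `None`. Such a report would likely be rejected the same way as the failure quoted in the commit message, only with a different unknown component name. A guard before the signature is built, `if local_policy_package is None:` followed by a user-visible error and an early return, would stop the submission instead. The enclosing `BugReport` method starts and ends outside the inner hunk.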
@@ -11,6 +11,9 @@ Source0: https://gitlab.com/setroubleshoot/framework/-/archive/%{version}/framew Source1: %{name}.tmpfiles # git format-patch -N 3.3.27 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +Patch0001: 0001-util.py-Improve-doctest-tests.patch +Patch0002: 0002-Look-for-modules-in-usr-share-selinux-packages.patch +Patch0003: 0003-Always-use-rpm-source-package-for-reporting.patch BuildRequires: gcc BuildRequires: make BuildRequires: libcap-ng-devel @@ -65,7 +68,7 @@ to user preference. The same tools can be run on existing log files. %prep -%autosetup -p 2 -n framework-%{version} +%autosetup -p 1 -n framework-%{version} %build ./autogen.sh