Improve DSP module reporting

Petr Lautrbach 2022-01-19 13:40:47 +01:00
parent 58c30239f8
commit 05aacc00c1
4 changed files with 190 additions and 1 deletions


@ -0,0 +1,95 @@
From def9fd0c22e43e437f867eb1f4bafc7c4a68898b Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 18 Jan 2022 11:59:40 +0100
Subject: [PATCH] util.py: Improve doctest tests
Usage:
# python3 -m doctest -v src/setroubleshoot/util.py
---
src/setroubleshoot/util.py | 32 +++++++++++++++++---------------
1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
index 02c4f752e690..de10c7319138 100755
--- a/src/setroubleshoot/util.py
+++ b/src/setroubleshoot/util.py
@@ -321,7 +321,7 @@ def default_date_text(date):
def get_standard_directories():
"""
->>> get_standard_directories()
+>>> get_standard_directories() # doctest: +ELLIPSIS
[...'/bin'...]
"""
lst = []
@@ -347,8 +347,8 @@ def get_rpm_nvr_from_header(hdr):
def get_package_nvr_by_name(name):
"""
->>> get_package_nvr_by_name("coreutils")
-'coreutils-8.30-3+b1:amd64'
+>>> get_package_nvr_by_name("coreutils")[0:9]
+'coreutils'
"""
if name is None:
return None
@@ -369,8 +369,8 @@ def get_package_nvr_by_name(name):
def get_package_nvr_by_file_path(name):
"""
->>> get_package_nvr_by_file_path("/bin/ls")
-'coreutils-8.30-3+b1:amd64'
+>>> get_package_nvr_by_file_path("/bin/ls")[0:9]
+'coreutils'
"""
if name is None:
return None
@@ -424,11 +424,11 @@ Finds an SELinux module which defines given SELinux type
##### usage
->>> get_rpm_nvr_by_type("sshd_t")
-'selinux-policy-...
+>>> get_rpm_nvr_by_type("sshd_t")[0:14]
+'selinux-policy'
->>> get_rpm_nvr_by_type("mysqld_log_t")
-'mysql-selinux-...
+>>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
+'mysql-selinux'
"""
@@ -511,14 +511,14 @@ Finds an SELinux module which defines given SELinux context
##### usage
->>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
-'selinux-policy-...
+>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")[0:14]
+'selinux-policy'
->>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
-'mysql-selinux-...
+>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")[0:13]
+'mysql-selinux'
->>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
-'selinux-policy-...
+>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)[0:14]
+'selinux-policy'
"""
if use_dbus:
@@ -542,6 +542,8 @@ def get_rpm_source_package(name):
>>> get_rpm_source_package("selinux-policy-targeted")
'selinux-policy'
+ >>> get_rpm_source_package("selinux-policy-targeted-35.8-1.fc35.noarch")
+ 'selinux-policy'
"""
if name is None:
return None
--
2.34.1
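Review bot: The rewritten doctests slice the return value directly, e.g. `get_rpm_nvr_by_type("mysqld_log_t")[0:13]`, so on a host where the package is not installed and the lookup returns None they fail with a `TypeError` traceback rather than a readable expected/got mismatch. They also rely on hand-counted slice bounds that must be kept in step with the expected string. A form such as `str(get_rpm_nvr_by_type("mysqld_log_t")).startswith('mysql-selinux')` with expected output `True` avoids both issues. It would also help to extend the `Usage:` text in the commit message to say that coreutils, selinux-policy and mysql-selinux must be installed for the doctests to pass. The function bodies continue outside the hunks shown.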


@ -0,0 +1,54 @@
From 93a63babd44e8fc7652b4e6c3c078133f234310f Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 18 Jan 2022 15:59:09 +0100
Subject: [PATCH] Look for modules in /usr/share/selinux/packages
Not all packages shipping SELinux modules own their directory in
/var/lib/selinux/... Some of them own just .pp.bz2 file in
/usr/share/selinux/packages. Lets look there when we try to detect the
right component for the report.
---
src/setroubleshoot/util.py | 20 +++++++++++++++++++-
1 file changed, 19 insertions(+), 1 deletion(-)
diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
index de10c7319138..1405bb84c342 100755
--- a/src/setroubleshoot/util.py
+++ b/src/setroubleshoot/util.py
@@ -430,6 +430,9 @@ Finds an SELinux module which defines given SELinux type
>>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
'mysql-selinux'
+>>> get_rpm_nvr_by_type("spc_t")[0:17]
+'container-selinux'
+
"""
if module_type_cache is None:
@@ -439,7 +442,22 @@ Finds an SELinux module which defines given SELinux type
path = module_type_cache.get(selinux_type, None)
- return get_package_nvr_by_file_path(path)
+ if path is None:
+ return None
+
+ package = get_package_nvr_by_file_path(path)
+
+ if package is None:
+ module_name = path.split('/')[-1]
+ path = '/usr/share/selinux/packages/' + module_name + '.pp'
+ package = get_package_nvr_by_file_path(path)
+ if package is None:
+ path += '.bz2'
+ package = get_package_nvr_by_file_path(path)
+
+ return package
+
+
# check if given string represents an integer
def __str_is_int(str):
--
2.34.1
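Review bot: The new fallback in `get_rpm_nvr_by_type` chooses the report component by file name alone. It takes `path.split('/')[-1]` and asks rpm who owns `/usr/share/selinux/packages/<module>.pp`, then `.pp.bz2`, so a module shipped in a subdirectory of that directory (not visible here whether any package does this) still yields None. The docstring does not mention this lookup order; I would add a sentence such as "falls back to the owner of /usr/share/selinux/packages/<module>.pp[.bz2] when the module store path is not owned by any package". The two probes would read better as one loop, `for suffix in ('.pp', '.pp.bz2'):` with a `break` on the first non-None result. The added `spc_t` doctest only passes on a host with container-selinux installed. The function's signature and the start of its body are outside the hunk.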


@ -0,0 +1,37 @@
From 2dbf243d535c3b8dca5fa3b4e360ca8c6959f68d Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Tue, 18 Jan 2022 12:01:03 +0100
Subject: [PATCH] Always use rpm source package for reporting
Originally when a module wasn't owned by any package policy_rpm, e.g.
selinux-policy-targeted..., was used. In Red Hat bugzilla there's no
component selinux-policy-targeted therefore we need to use source
package name when reporting a problem.
Fixes:
fatal: RPC failed at server. There is no component named 'selinux-policy-targeted-35.8-1.fc35.noarch' in the 'Fedora' product.
---
src/setroubleshoot/browser.py | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/setroubleshoot/browser.py b/src/setroubleshoot/browser.py
index 3203f75e0c17..48015834fe57 100644
--- a/src/setroubleshoot/browser.py
+++ b/src/setroubleshoot/browser.py
@@ -1002,9 +1002,10 @@ class BugReport:
text_buf = self.error_submit_text.get_buffer()
content = text_buf.get_text(text_buf.get_start_iter(),
text_buf.get_end_iter(), False)
- local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
- if local_policy_package is None:
- local_policy_package = self.alert.environment.policy_rpm
+ local_policy_rpm = self.alert.environment.local_policy_rpm
+ if not local_policy_rpm:
+ local_policy_rpm = self.alert.environment.policy_rpm
+ local_policy_package = get_rpm_source_package(local_policy_rpm)
signature = report.createAlertSignature(str(local_policy_package),
"setroubleshoot",
self.alert.get_hash(),
--
2.34.1
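Review bot: A None result from `get_rpm_source_package(local_policy_rpm)` is not handled before the next line passes `str(local_policy_package)` to `report.createAlertSignature`. The util.py body shown in the first patch starts with `if name is None: return None`, and the function presumably also returns None when rpm cannot resolve the name. In that case the component becomes the literal string `'None'`, and Bugzilla would presumably reject it with the same "There is no component named ..." error this patch sets out to fix. I would check `if local_policy_package is None:` right after the call and surface the failure to the user instead of building the signature. A short comment explaining that Bugzilla components are source package names would also help the next reader. The enclosing method starts and ends outside the hunk.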


@ -11,6 +11,9 @@ Source0: https://gitlab.com/setroubleshoot/framework/-/archive/%{version}/framew
Source1: %{name}.tmpfiles Source1: %{name}.tmpfiles
# git format-patch -N 3.3.27 # git format-patch -N 3.3.27
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
Patch0001: 0001-util.py-Improve-doctest-tests.patch
Patch0002: 0002-Look-for-modules-in-usr-share-selinux-packages.patch
Patch0003: 0003-Always-use-rpm-source-package-for-reporting.patch
BuildRequires: gcc BuildRequires: gcc
BuildRequires: make BuildRequires: make
BuildRequires: libcap-ng-devel BuildRequires: libcap-ng-devel
@ -65,7 +68,7 @@ to user preference. The same tools can be run on existing log files.
%prep %prep
%autosetup -p 2 -n framework-%{version} %autosetup -p 1 -n framework-%{version}
%build %build
./autogen.sh ./autogen.sh