Improve DSP module reporting

2022-01-19 13:40:47 +01:00 · 2022-01-19 13:40:47 +01:00 · 05aacc00c1
commit 05aacc00c1
parent 58c30239f8
4 changed files with 190 additions and 1 deletions
--- a/0001-util.py-Improve-doctest-tests.patch
+++ b/0001-util.py-Improve-doctest-tests.patch
@ -0,0 +1,95 @@
+From def9fd0c22e43e437f867eb1f4bafc7c4a68898b Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 18 Jan 2022 11:59:40 +0100
+Subject: [PATCH] util.py: Improve doctest tests
+
+Usage:
+    # python3 -m doctest -v src/setroubleshoot/util.py
+---
+ src/setroubleshoot/util.py | 32 +++++++++++++++++---------------
+ 1 file changed, 17 insertions(+), 15 deletions(-)
+
+diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
+index 02c4f752e690..de10c7319138 100755
+--- a/src/setroubleshoot/util.py
+++ b/src/setroubleshoot/util.py
+@@ -321,7 +321,7 @@ def default_date_text(date):
+ 
+ def get_standard_directories():
+     """
+->>> get_standard_directories()
+>>> get_standard_directories() # doctest: +ELLIPSIS
+ [...'/bin'...]
+     """
+     lst = []
+@@ -347,8 +347,8 @@ def get_rpm_nvr_from_header(hdr):
+ 
+ def get_package_nvr_by_name(name):
+     """
+->>> get_package_nvr_by_name("coreutils")
+-'coreutils-8.30-3+b1:amd64'
+>>> get_package_nvr_by_name("coreutils")[0:9]
+'coreutils'
+     """
+     if name is None:
+         return None
+@@ -369,8 +369,8 @@ def get_package_nvr_by_name(name):
+ 
+ def get_package_nvr_by_file_path(name):
+     """
+->>> get_package_nvr_by_file_path("/bin/ls")
+-'coreutils-8.30-3+b1:amd64'
+>>> get_package_nvr_by_file_path("/bin/ls")[0:9]
+'coreutils'
+     """
+     if name is None:
+         return None
+@@ -424,11 +424,11 @@ Finds an SELinux module which defines given SELinux type
+ 
+ ##### usage
+ 
+->>> get_rpm_nvr_by_type("sshd_t")
+-'selinux-policy-...
+>>> get_rpm_nvr_by_type("sshd_t")[0:14]
+'selinux-policy'
+ 
+->>> get_rpm_nvr_by_type("mysqld_log_t")
+-'mysql-selinux-...
+>>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
+'mysql-selinux'
+ 
+     """
+ 
+@@ -511,14 +511,14 @@ Finds an SELinux module which defines given SELinux context
+ 
+ ##### usage
+ 
+->>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")
+-'selinux-policy-...
+>>> get_rpm_nvr_by_scontext("system_u:system_r:syslogd_t:s0")[0:14]
+'selinux-policy'
+ 
+->>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")
+-'mysql-selinux-...
+>>> get_rpm_nvr_by_scontext("system_u:system_r:mysqld_log_t:s0")[0:13]
+'mysql-selinux'
+ 
+->>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)
+-'selinux-policy-...
+>>> get_rpm_nvr_by_scontext("system_u:system_r:timedatex_t:s0", use_dbus=True)[0:14]
+'selinux-policy'
+ 
+     """
+     if use_dbus:
+@@ -542,6 +542,8 @@ def get_rpm_source_package(name):
+     >>> get_rpm_source_package("selinux-policy-targeted")
+     'selinux-policy'
+ 
+    >>> get_rpm_source_package("selinux-policy-targeted-35.8-1.fc35.noarch")
+    'selinux-policy'
+     """
+     if name is None:
+         return None
+-- 
+2.34.1
+
--- a/0002-Look-for-modules-in-usr-share-selinux-packages.patch
+++ b/0002-Look-for-modules-in-usr-share-selinux-packages.patch
@ -0,0 +1,54 @@
+From 93a63babd44e8fc7652b4e6c3c078133f234310f Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 18 Jan 2022 15:59:09 +0100
+Subject: [PATCH] Look for modules in /usr/share/selinux/packages
+
+Not all packages shipping SELinux modules own their directory in
+/var/lib/selinux/... Some of them own just .pp.bz2 file in
+/usr/share/selinux/packages. Lets look there when we try to detect the
+right component for the report.
+---
+ src/setroubleshoot/util.py | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
+index de10c7319138..1405bb84c342 100755
+--- a/src/setroubleshoot/util.py
+++ b/src/setroubleshoot/util.py
+@@ -430,6 +430,9 @@ Finds an SELinux module which defines given SELinux type
+ >>> get_rpm_nvr_by_type("mysqld_log_t")[0:13]
+ 'mysql-selinux'
+ 
+>>> get_rpm_nvr_by_type("spc_t")[0:17]
+'container-selinux'
+
+     """
+ 
+     if module_type_cache is None:
+@@ -439,7 +442,22 @@ Finds an SELinux module which defines given SELinux type
+ 
+     path = module_type_cache.get(selinux_type, None)
+ 
+-    return get_package_nvr_by_file_path(path)
+    if path is None:
+        return None
+
+    package = get_package_nvr_by_file_path(path)
+
+    if package is None:
+        module_name = path.split('/')[-1]
+        path = '/usr/share/selinux/packages/' + module_name + '.pp'
+        package = get_package_nvr_by_file_path(path)
+        if package is None:
+            path += '.bz2'
+            package = get_package_nvr_by_file_path(path)
+
+    return package
+
+
+ 
+ # check if given string represents an integer
+ def __str_is_int(str):
+-- 
+2.34.1
+
--- a/0003-Always-use-rpm-source-package-for-reporting.patch
+++ b/0003-Always-use-rpm-source-package-for-reporting.patch
@ -0,0 +1,37 @@
+From 2dbf243d535c3b8dca5fa3b4e360ca8c6959f68d Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <plautrba@redhat.com>
+Date: Tue, 18 Jan 2022 12:01:03 +0100
+Subject: [PATCH] Always use rpm source package for reporting
+
+Originally when a module wasn't owned by any package policy_rpm, e.g.
+selinux-policy-targeted..., was used. In Red Hat bugzilla there's no
+component selinux-policy-targeted therefore we need to use source
+package name when reporting a problem.
+
+Fixes:
+fatal: RPC failed at server.  There is no component named 'selinux-policy-targeted-35.8-1.fc35.noarch' in the 'Fedora' product.
+---
+ src/setroubleshoot/browser.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/setroubleshoot/browser.py b/src/setroubleshoot/browser.py
+index 3203f75e0c17..48015834fe57 100644
+--- a/src/setroubleshoot/browser.py
+++ b/src/setroubleshoot/browser.py
+@@ -1002,9 +1002,10 @@ class BugReport:
+         text_buf = self.error_submit_text.get_buffer()
+         content = text_buf.get_text(text_buf.get_start_iter(),
+                                     text_buf.get_end_iter(), False)
+-        local_policy_package = get_rpm_source_package(self.alert.environment.local_policy_rpm)
+-        if local_policy_package is None:
+-            local_policy_package = self.alert.environment.policy_rpm
+        local_policy_rpm = self.alert.environment.local_policy_rpm
+        if not local_policy_rpm:
+            local_policy_rpm = self.alert.environment.policy_rpm
+        local_policy_package = get_rpm_source_package(local_policy_rpm)
+         signature = report.createAlertSignature(str(local_policy_package),
+                                                 "setroubleshoot",
+                                                 self.alert.get_hash(),
+-- 
+2.34.1
+
--- a/setroubleshoot.spec
+++ b/setroubleshoot.spec
@ -11,6 +11,9 @@ Source0: https://gitlab.com/setroubleshoot/framework/-/archive/%{version}/framew
 Source1: %{name}.tmpfiles
 # git format-patch -N 3.3.27
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
+Patch0001: 0001-util.py-Improve-doctest-tests.patch
+Patch0002: 0002-Look-for-modules-in-usr-share-selinux-packages.patch
+Patch0003: 0003-Always-use-rpm-source-package-for-reporting.patch
 BuildRequires: gcc
 BuildRequires: make
 BuildRequires: libcap-ng-devel
@ -65,7 +68,7 @@ to user preference. The same tools can be run on existing log files.


 %prep
-%autosetup -p 2 -n framework-%{version}
+%autosetup -p 1 -n framework-%{version}

 %build
 ./autogen.sh