From 0c5eceac1ab6e5a9c5397cd5cfc913c4bb7dc3d3 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Tue, 1 Jul 2025 14:31:59 +0200 Subject: [PATCH] setroubleshoot-3.3.35-2 - audit_data: include syslog when needed Resolves: RHEL-39978 --- ...udit_data-include-syslog-when-needed.patch | 43 +++++++++++++++++++ setroubleshoot.spec | 6 ++- 2 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 0001-audit_data-include-syslog-when-needed.patch diff --git a/0001-audit_data-include-syslog-when-needed.patch b/0001-audit_data-include-syslog-when-needed.patch new file mode 100644 index 0000000..890826b --- /dev/null +++ b/0001-audit_data-include-syslog-when-needed.patch @@ -0,0 +1,43 @@ +From c36a476e64bc695c439ffa691533b395977b6369 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Mon, 30 Jun 2025 18:04:55 +0200 +Subject: [PATCH] audit_data: include syslog when needed + +Fixes: + setroubleshoot[5450]: Unable to process audit event: cannot access local variable 'syslog' where it is not associated with a value + setroubleshoot[5450]: Traceback (most recent call last): + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 1106, in compute_avcs + setroubleshoot[5450]: avcs.append(AVC(audit_event, record)) + setroubleshoot[5450]: ^^^^^^^^^^^^^^^^^^^^^^^^ + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 675, in __init__ + setroubleshoot[5450]: self.derive_avc_info_from_audit_event(avc_record) + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 1021, in derive_avc_info_from_audit_event + setroubleshoot[5450]: raise AVCError(_("%s \n**** Recorded AVC is allowed in current policy ****\n") % self.avc_record) + setroubleshoot[5450]: setroubleshoot.audit_data.AVCError: node=mmalik-1mt-centos-stream-10-10625-2024-06-03-07-41 type=AVC msg=audit(1717400917.313:578): avc: > + setroubleshoot[5450]: + setroubleshoot[5450]: **** Recorded AVC is allowed in current policy **** + setroubleshoot[5450]: During handling of the above exception, another exception occurred: + setroubleshoot[5450]: Traceback (most recent call last): + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 1108, in compute_avcs + setroubleshoot[5450]: syslog.syslog(syslog.LOG_ERR, "%s" % e) + setroubleshoot[5450]: ^^^^^^ + setroubleshoot[5450]: UnboundLocalError: cannot access local variable 'syslog' where it is not associated with a value +--- + src/setroubleshoot/audit_data.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/setroubleshoot/audit_data.py b/src/setroubleshoot/audit_data.py +index de2b0f1..409492a 100644 +--- a/src/setroubleshoot/audit_data.py ++++ b/src/setroubleshoot/audit_data.py +@@ -1105,6 +1105,7 @@ def compute_avcs(audit_event): + try: + avcs.append(AVC(audit_event, record)) + except AVCError as e: ++ import syslog + syslog.syslog(syslog.LOG_ERR, "%s" % e) + except Exception as e: + import syslog +-- +2.49.0 + diff --git a/setroubleshoot.spec b/setroubleshoot.spec index c717740..9297604 100644 --- a/setroubleshoot.spec +++ b/setroubleshoot.spec @@ -4,7 +4,7 @@ Summary: Helps troubleshoot SELinux problems Name: setroubleshoot Version: 3.3.35 -Release: 1%{?dist} +Release: 2%{?dist} License: GPL-2.0-or-later URL: https://gitlab.com/setroubleshoot/setroubleshoot Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz @@ -12,6 +12,7 @@ Source1: %{name}.tmpfiles Source2: %{name}.sysusers # git format-patch -N 3.3.35 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +Patch0001: 0001-audit_data-include-syslog-when-needed.patch BuildRequires: gcc BuildRequires: make BuildRequires: libcap-ng-devel @@ -192,6 +193,9 @@ to user preference. The same tools can be run on existing log files. %doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO %changelog +* Tue Jul 01 2025 Vit Mojzis - 3.3.35-2 +- audit_data: include syslog when needed (RHEL-39978) + * Thu Mar 13 2025 Petr Lautrbach - 3.3.35-1 - Update tmpfiles.d config (bz#2346971) - Do not hardcode /var/lib/selinux as store_root