diff --git a/.gitignore b/.gitignore index 6d044b3..43f4892 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/setroubleshoot-3.3.32.tar.gz +SOURCES/setroubleshoot-3.3.35.tar.gz diff --git a/.setroubleshoot.metadata b/.setroubleshoot.metadata index e305919..a9d570c 100644 --- a/.setroubleshoot.metadata +++ b/.setroubleshoot.metadata @@ -1 +1 @@ -6ee4101312b8c2b98ea7d007eccd62918f59c4f3 SOURCES/setroubleshoot-3.3.32.tar.gz +a3bfe767bf3a84e85aa839fc2b1ffcdfe9014916 SOURCES/setroubleshoot-3.3.35.tar.gz diff --git a/SOURCES/0001-audit_data-include-syslog-when-needed.patch b/SOURCES/0001-audit_data-include-syslog-when-needed.patch new file mode 100644 index 0000000..890826b --- /dev/null +++ b/SOURCES/0001-audit_data-include-syslog-when-needed.patch @@ -0,0 +1,43 @@ +From c36a476e64bc695c439ffa691533b395977b6369 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Mon, 30 Jun 2025 18:04:55 +0200 +Subject: [PATCH] audit_data: include syslog when needed + +Fixes: + setroubleshoot[5450]: Unable to process audit event: cannot access local variable 'syslog' where it is not associated with a value + setroubleshoot[5450]: Traceback (most recent call last): + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 1106, in compute_avcs + setroubleshoot[5450]: avcs.append(AVC(audit_event, record)) + setroubleshoot[5450]: ^^^^^^^^^^^^^^^^^^^^^^^^ + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 675, in __init__ + setroubleshoot[5450]: self.derive_avc_info_from_audit_event(avc_record) + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 1021, in derive_avc_info_from_audit_event + setroubleshoot[5450]: raise AVCError(_("%s \n**** Recorded AVC is allowed in current policy ****\n") % self.avc_record) + setroubleshoot[5450]: setroubleshoot.audit_data.AVCError: node=mmalik-1mt-centos-stream-10-10625-2024-06-03-07-41 type=AVC msg=audit(1717400917.313:578): avc: > + setroubleshoot[5450]: + setroubleshoot[5450]: **** Recorded AVC is allowed in current policy **** + setroubleshoot[5450]: During handling of the above exception, another exception occurred: + setroubleshoot[5450]: Traceback (most recent call last): + setroubleshoot[5450]: File "/usr/lib/python3.12/site-packages/setroubleshoot/audit_data.py", line 1108, in compute_avcs + setroubleshoot[5450]: syslog.syslog(syslog.LOG_ERR, "%s" % e) + setroubleshoot[5450]: ^^^^^^ + setroubleshoot[5450]: UnboundLocalError: cannot access local variable 'syslog' where it is not associated with a value +--- + src/setroubleshoot/audit_data.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/setroubleshoot/audit_data.py b/src/setroubleshoot/audit_data.py +index de2b0f1..409492a 100644 +--- a/src/setroubleshoot/audit_data.py ++++ b/src/setroubleshoot/audit_data.py +@@ -1105,6 +1105,7 @@ def compute_avcs(audit_event): + try: + avcs.append(AVC(audit_event, record)) + except AVCError as e: ++ import syslog + syslog.syslog(syslog.LOG_ERR, "%s" % e) + except Exception as e: + import syslog +-- +2.49.0 + diff --git a/SOURCES/0001-imp-module-is-deprecated-in-favor-of-importlib.patch b/SOURCES/0001-imp-module-is-deprecated-in-favor-of-importlib.patch deleted file mode 100644 index 44ee45c..0000000 --- a/SOURCES/0001-imp-module-is-deprecated-in-favor-of-importlib.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 2f9e575333af7c7798956f211c29a46a338155e5 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Mon, 24 Jul 2023 17:33:17 +0200 -Subject: [PATCH] 'imp' module is deprecated in favor of 'importlib' -Content-type: text/plain - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224393 ---- - src/setroubleshoot/util.py | 26 ++++++++------------------ - 1 file changed, 8 insertions(+), 18 deletions(-) - -diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py -index 0e02f12de682..828a598ef1c2 100755 ---- a/src/setroubleshoot/util.py -+++ b/src/setroubleshoot/util.py -@@ -73,6 +73,7 @@ import datetime - from dasbus.connection import SystemMessageBus - import glob - from gi.repository import GObject -+import importlib - import os - import pwd - import re -@@ -771,37 +772,26 @@ def load_plugins(filter_glob=None): - - # load the parent (e.g. the package containing the submodules), required for python 2.5 and above - module_name = plugin_base -- plugin_name = '__init__' - if module_name not in sys.modules: - try: -- import imp -- mod_fp, mod_path, mod_description = imp.find_module(plugin_name, [plugin_dir]) -- mod = imp.load_module(module_name, mod_fp, mod_path, mod_description) -+ mod_spec = importlib.util.spec_from_file_location(plugin_base, plugin_dir + "/__init__.py") -+ mod = importlib.util.module_from_spec(mod_spec) -+ mod_spec.loader.exec_module(mod) - except Exception as e: - syslog.syslog(syslog.LOG_ERR, "failed to initialize plugins in %s: %s" % (plugin_dir, str(e))) - return [] - -- if mod_fp: -- mod_fp.close() -- - for plugin_name in plugin_names: - module_name = "%s.%s" % (plugin_base, plugin_name) -- mod = sys.modules.get(module_name) -- if mod is not None: -- log_debug("load_plugins() %s previously imported" % module_name) -- plugins.append(mod.plugin()) -- continue -+ - try: -- import imp -- mod_fp, mod_path, mod_description = imp.find_module(plugin_name, [plugin_dir]) -- mod = imp.load_module(module_name, mod_fp, mod_path, mod_description) -+ mod_spec = importlib.util.spec_from_file_location(module_name, plugin_dir + "/" + plugin_name + ".py") -+ mod = importlib.util.module_from_spec(mod_spec) -+ mod_spec.loader.exec_module(mod) - plugins.append(mod.plugin()) - except Exception as e: - syslog.syslog(syslog.LOG_ERR, "failed to load %s plugin: %s" % (plugin_name, str(e))) - -- if mod_fp: -- mod_fp.close() -- - plugins.sort(key=cmp_to_key(sort_plugins)) - return plugins - --- -2.41.0 - diff --git a/SOURCES/0002-Always-reset-pending-alarms-when-alarm-0.patch b/SOURCES/0002-Always-reset-pending-alarms-when-alarm-0.patch deleted file mode 100644 index 42006b8..0000000 --- a/SOURCES/0002-Always-reset-pending-alarms-when-alarm-0.patch +++ /dev/null @@ -1,29 +0,0 @@ -From 659f10a0ab422251f4d6857fb34ddf1c25b21b37 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 3 May 2023 09:35:28 +0200 -Subject: [PATCH] Always reset pending alarms when alarm(0) -Content-type: text/plain - -Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2112573 - -Signed-off-by: Petr Lautrbach ---- - src/setroubleshoot/server.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/setroubleshoot/server.py b/src/setroubleshoot/server.py -index fd89a5448912..2b1b0b1c30d0 100755 ---- a/src/setroubleshoot/server.py -+++ b/src/setroubleshoot/server.py -@@ -703,7 +703,7 @@ Deletes an alert from the database. - return "" - - def alarm(self, timeout=10): -- if self.conn_ctr == 0: -+ if self.conn_ctr == 0 or timeout == 0: - signal.alarm(timeout) - - --- -2.41.0 - diff --git a/SOURCES/0003-gitlab-ci-use-apt-get-to-install-python3-dbus-packag.patch b/SOURCES/0003-gitlab-ci-use-apt-get-to-install-python3-dbus-packag.patch deleted file mode 100644 index 94c764b..0000000 --- a/SOURCES/0003-gitlab-ci-use-apt-get-to-install-python3-dbus-packag.patch +++ /dev/null @@ -1,52 +0,0 @@ -From 502d06c8fa86b53198a2f4aeb59efdf1203531d6 Mon Sep 17 00:00:00 2001 -From: Petr Lautrbach -Date: Wed, 3 May 2023 10:17:06 +0200 -Subject: [PATCH] gitlab-ci: use apt-get to install python3-dbus package -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit -Content-type: text/plain - -Fixes: -$ pip3 install dasbus -error: externally-managed-environment -× This environment is externally managed -╰─> To install Python packages system-wide, try apt install - python3-xyz, where xyz is the package you are trying to - install. - - If you wish to install a non-Debian-packaged Python package, - create a virtual environment using python3 -m venv path/to/venv. - Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make - sure you have python3-full installed. - - If you wish to install a non-Debian packaged Python application, - it may be easiest to use pipx install xyz, which will manage a - virtual environment for you. Make sure you have pipx installed. - - See /usr/share/doc/python3.11/README.venv for more information. -note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages. -hint: See PEP 668 for the detailed specification. - -Signed-off-by: Petr Lautrbach ---- - .gitlab-ci.yml | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml -index e82e12f66737..bea5081bb0b9 100644 ---- a/.gitlab-ci.yml -+++ b/.gitlab-ci.yml -@@ -30,8 +30,7 @@ build:debian: - - > - apt-get -y install autoconf automake libglib2.0-dev libdbus-glib-1-dev libnotify-dev - libgtk-3-dev gcc python3-selinux python3-gi python3-dbus python3-six python3-sepolicy -- xdg-utils make intltool libaudit-dev libauparse-dev python3-pip -- - pip3 install dasbus -+ xdg-utils make intltool libaudit-dev libauparse-dev python3-pip python3-dasbus - - ./autogen.sh - - make - - make install --- -2.41.0 - diff --git a/SOURCES/setroubleshoot.tmpfiles b/SOURCES/setroubleshoot.tmpfiles index 9e71e5f..a2ca6c4 100644 --- a/SOURCES/setroubleshoot.tmpfiles +++ b/SOURCES/setroubleshoot.tmpfiles @@ -1,2 +1,3 @@ d /run/setroubleshoot 711 setroubleshoot setroubleshoot - +d /var/lib/setroubleshoot 700 setroubleshoot setroubleshoot - Z /var/lib/setroubleshoot - setroubleshoot setroubleshoot - diff --git a/SPECS/setroubleshoot.spec b/SPECS/setroubleshoot.spec index 7ce64d1..9297604 100644 --- a/SPECS/setroubleshoot.spec +++ b/SPECS/setroubleshoot.spec @@ -3,18 +3,16 @@ Summary: Helps troubleshoot SELinux problems Name: setroubleshoot -Version: 3.3.32 -Release: 1%{?dist} +Version: 3.3.35 +Release: 2%{?dist} License: GPL-2.0-or-later URL: https://gitlab.com/setroubleshoot/setroubleshoot Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz Source1: %{name}.tmpfiles Source2: %{name}.sysusers -# git format-patch -N 3.3.32 +# git format-patch -N 3.3.35 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done -Patch0001: 0001-imp-module-is-deprecated-in-favor-of-importlib.patch -Patch0002: 0002-Always-reset-pending-alarms-when-alarm-0.patch -Patch0003: 0003-gitlab-ci-use-apt-get-to-install-python3-dbus-packag.patch +Patch0001: 0001-audit_data-include-syslog-when-needed.patch BuildRequires: gcc BuildRequires: make BuildRequires: libcap-ng-devel @@ -24,6 +22,7 @@ BuildRequires: audit-libs-devel >= 3.0.1 BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel # for the _tmpfilesdir macro BuildRequires: systemd-rpm-macros +BuildRequires: git-core Requires: %{name}-server = %{version}-%{release} Requires: gtk3, libnotify Requires: libreport-gtk >= 2.2.1-2, python3-libreport @@ -68,7 +67,7 @@ to user preference. The same tools can be run on existing log files. %prep -%autosetup -p 1 +%autosetup -p 1 -S git %build ./autogen.sh @@ -194,6 +193,18 @@ to user preference. The same tools can be run on existing log files. %doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO %changelog +* Tue Jul 01 2025 Vit Mojzis - 3.3.35-2 +- audit_data: include syslog when needed (RHEL-39978) + +* Thu Mar 13 2025 Petr Lautrbach - 3.3.35-1 +- Update tmpfiles.d config (bz#2346971) +- Do not hardcode /var/lib/selinux as store_root +- data: update app icon +- Enable Georgian and Arabic (ar) languages in configure.ac +- Update translations +- Ship with contemporary app icon +- Check that SELinux is enabled before running (rhbz#2178950) + * Thu Jul 27 2023 Petr Lautrbach - 3.3.32-1 - Always reset pending alarms when alarm(0) (rhbz#2112573) - 'imp' module is deprecated in favor of 'importlib' (rhbz#2224393)