diff --git a/.cvsignore b/.cvsignore
index 9866126..d514f27 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-setroubleshoot-1.9.7.tar.gz
+setroubleshoot-1.10.3.tar.gz
diff --git a/setroubleshoot.init b/setroubleshoot.init
index 425c8bf..63092e0 100755
--- a/setroubleshoot.init
+++ b/setroubleshoot.init
@@ -9,22 +9,50 @@ # config: /etc/setroubleshoot/setroubleshoot.cfg # pidfile: /var/run/setroubleshoot.pid # + +### BEGIN INIT INFO +# Provides: lsb-setroubleshootd +# Required-Start: $local_fs $syslog $network $named +# Required-Stop: $local_fs $syslog $network $named +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start and stop SELinux Troubleshooting Daemon +# Description: controls operation of the SELinux Troubleshooting Daemon +# (setroubleshootd) which listens for SELinux AVC denial messages +# analyzes it and provides a friendly interpretation. +### END INIT INFO + # Return values according to LSB for all commands but status: -# 0 - success -# 1 - generic or unspecified error -# 2 - invalid or excess argument(s) -# 3 - unimplemented feature (e.g. "reload") -# 4 - insufficient privilege -# 5 - program is not installed -# 6 - program is not configured -# 7 - program is not running +# 0 success +# 1 generic or unspecified error (current practice) +# 2 invalid or excess argument(s) +# 3 unimplemented feature (for example, "reload") +# 4 user had insufficient privilege +# 5 program is not installed +# 6 program is not configured +# 7 program is not running + +# Command argument +# start start the service +# stop stop the service +# restart stop and restart the service if the service is already running, otherwise start the service +# try-restart restart the service if the service is already running +# reload cause the configuration of the service to be reloaded without actually stopping and restarting the service +# force-reload cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running +# status print the current status of the service + +# start, stop, restart, force-reload, and status actions must be supported +# reload and the try-restart actions are optional. +# the init script. + + PATH=/sbin:/bin:/usr/bin:/usr/sbin # Source function library. +# /lib/lsb/init-functions . 
/etc/init.d/functions - # Silently exit is SELinux is not enabled [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 1 @@ -99,17 +127,17 @@ case "$1" in restart) restart ;; - reload) + force-reload|reload) reload ;; - condrestart) + try-restart|condrestart) condrestart ;; cleardb) cleardb ;; *) - echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|cleardb}" + echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb}" RETVAL=3 esac diff --git a/setroubleshoot.spec b/setroubleshoot.spec index 930e7e9..4d4b9ac 100644 --- a/setroubleshoot.spec +++ b/setroubleshoot.spec @@ -1,10 +1,10 @@ Summary: Helps troubleshoot SELinux problems Name: setroubleshoot -Version: 1.9.7 +Version: 1.10.3 Release: 1%{?dist} -License: GPL +License: GPLv2+ Group: Applications/System -URL: http://www.redhat.com/ +URL: https://hosted.fedoraproject.org/projects/setroubleshoot Source0: %{name}-%{version}.tar.gz Source1: setroubleshoot.init Source2: setroubleshoot.logrotate 
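Review bot: The new comment block ends with an orphaned fragment, `# the init script.`, and the added `# /lib/lsb/init-functions` line under `# Source function library.` reads as though that file were sourced, while only `/etc/init.d/functions` is. I would drop the fragment and replace the second comment with `# /lib/lsb/init-functions is deliberately not sourced yet; /etc/init.d/functions is still used`, which matches the 1.10.2-1 changelog entry in this same commit. In the `### BEGIN INIT INFO` description, "analyzes it" should read "analyzes them", since it refers to the AVC denial messages.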
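Review bot: The fallback `*)` branch still sets `RETVAL=3` for an unrecognised argument, although the return-value table this commit rewrites at the top of the script lists 2 for "invalid or excess argument(s)" and 3 for an unimplemented feature. If LSB conformance is the goal, `RETVAL=2` is the value that service wrappers and monitoring will expect there. `force-reload` is also routed straight to `reload`; that is only correct if `reload`, which is defined outside this hunk, really re-reads the configuration, since the command table added above asks for a restart of a running service otherwise.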
@@ -12,25 +12,32 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch BuildRequires: perl-XML-Parser Requires: %{name}-server = %{version}-%{release} +Requires: %{name}-plugins Requires: pygtk2 >= 2.9.2 Requires: gnome-python2, gnome-python2-canvas -Requires: usermode, rhpl BuildRequires: desktop-file-utils Requires: gnome-python2-gtkhtml2 +Requires: dbus +Requires: dbus-python +Requires: libxml2-python Requires(post): /usr/bin/update-desktop-database +Requires(post): dbus Requires(postun): /usr/bin/update-desktop-database +Requires(postun): dbus Requires: notify-python %{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %define pkgpythondir %{python_sitelib}/%{name} %define pkgdocdir %{_datadir}/doc/%{name}-%{version} +%define pkgguidir %{_datadir}/%{name}/gui %define pkgdatadir %{_datadir}/%{name} %define pkglibexecdir %{_prefix}/libexec/%{name} %define pkgvardatadir %{_localstatedir}/lib/%{name} %define pkgrundir %{_localstatedir}/run/%{name} %define pkgconfigdir %{_sysconfdir}/%{name} %define pkglogdir %{_localstatedir}/log/%{name} +%define pkgdatabase %{pkgvardatadir}/audit_listener_database.xml %description setroubleshoot gui. Application that allows you to view setroubleshoot-server 
@@ -41,19 +48,21 @@ about the problem and help track its resolution. Alerts can be configured to user preference. The same tools can be run on existing log files. %files +%{pkgguidir} %{_sysconfdir}/xdg/autostart/* %{_datadir}/applications/*.desktop %{_datadir}/dbus-1/services/sealert.service %{_datadir}/icons/hicolor %dir %attr(0755,root,root) %{pkgpythondir} %{pkgpythondir}/browser.py* -%{pkgpythondir}/gui_utils.py* %{pkgpythondir}/email_dialog.py* +%{pkgpythondir}/gui_utils.py* %post /usr/bin/update-desktop-database %{_datadir}/applications touch --no-create %{_datadir}/icons/hicolor || : %{_bindir}/gtk-update-icon-cache --quiet %{_datadir}/icons/hicolor || : +dbus-send --system /com/redhat/setroubleshootd com.redhat.SEtroubleshootdIface.restart string:'rpm install' >/dev/null 2>&1 || : %postun /usr/bin/update-desktop-database %{_datadir}/applications @@ -72,7 +81,8 @@ rm -rf %{buildroot} make DESTDIR=%{buildroot} install %{__install} -D -m755 %{SOURCE1} %{buildroot}/etc/rc.d/init.d/%{name} %{__install} -D -m644 %{SOURCE2} %{buildroot}%{_sysconfdir}/logrotate.d/%{name} -touch %{buildroot}%{pkgvardatadir}/audit_listener_database.xml +desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop +touch %{buildroot}%{pkgdatabase} touch %{buildroot}%{pkgvardatadir}/email_alert_recipients %find_lang %{name} @@ -80,9 +90,16 @@ touch %{buildroot}%{pkgvardatadir}/email_alert_recipients Summary: SELinux troubleshoot server Group: Applications/System +Requires: %{name}-plugins Requires: audit >= 1.2.6-3 Requires: audit-libs-python >= 1.2.6-3 Requires: libselinux >= 1.30.15-1 +Requires: pygobject2 +Requires: dbus-python +Requires: libxml2-python +Requires: libselinux-python +Requires: audit-libs-python +Requires: libuser BuildRequires: intltool gettext python 
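Review bot: The added `dbus-send` line in `%post` is resolved through the scriptlet's PATH, while the neighbouring commands are called by absolute path (`/usr/bin/update-desktop-database`, `%{_bindir}/gtk-update-icon-cache`). Using `%{_bindir}/dbus-send --system ...` would be consistent and remove the PATH dependency for a command that runs as root. Because neither `--dest` nor `--type` is given, the message should go out as a signal on the system bus, so who else may trigger a daemon restart is decided by the `setroubleshootd.conf` bus policy packaged in this commit. That file is not part of the diff, and its send rules for `com.redhat.SEtroubleshootdIface` deserve a look. A one-line comment above the call saying why installing the GUI package restarts the daemon would also help.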
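Review bot: `Requires: audit-libs-python` is added unversioned although the server subpackage already carries `Requires: audit-libs-python >= 1.2.6-3` a few lines above, so the new line is redundant and can be dropped. `Requires: %{name}-plugins` is likewise unversioned, here and in the GUI package. If the server relies on a minimum plugin interface, a floor such as `Requires: %{name}-plugins >= <minimum-version>` (placeholder) would keep mismatched server and plugin packages from being installed together.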
@@ -99,7 +116,10 @@ about the problem and help track its resolution. Alerts can be configured to user preference. The same tools can be run on existing log files. %post server -[ -f %{pkgvardatadir}/database.xml ] && chmod 644 %{pkgvardatadir}/database.xml +if [ -f %{pkgdatabase} ]; then + chown root:root %{pkgdatabase} >/dev/null 2>&1 || : + chmod 600 %{pkgdatabase} >/dev/null 2>&1 || : +fi /sbin/chkconfig --add %{name} /sbin/service %{name} condrestart >/dev/null 2>&1 || : @@ -126,8 +146,8 @@ rm -rf %{buildroot} %{pkgpythondir}/__init__.py* %{pkgpythondir}/access_control.py* %{pkgpythondir}/analyze.py* +%{pkgpythondir}/audit_data.py* %{pkgpythondir}/avc_audit.py* -%{pkgpythondir}/avc_auparse.py* %{pkgpythondir}/config.py* %{pkgpythondir}/email_alert.py* %{pkgpythondir}/errcode.py* 
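Review bot: Both the `chown` and the `chmod 600` on `%{pkgdatabase}` discard their output and exit status (`>/dev/null 2>&1 || :`), so an upgrade where the tightening fails leaves the database at its previous mode with nothing recorded in the transaction output; the old `%ghost` entry was 0644. Keeping `|| :` so the scriptlet cannot abort the transaction is reasonable, but I would let stderr through, e.g. `chmod 600 %{pkgdatabase} || :`. The removed line acted on `%{pkgvardatadir}/database.xml`, a different file name from `audit_listener_database.xml`. If older releases created that file, it is no longer touched and may stay world-readable after upgrade, which is worth confirming.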
@@ -142,15 +162,93 @@ rm -rf %{buildroot} %config %{pkgconfigdir}/%{name}.cfg %dir %{pkglogdir} %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} +%config %{_sysconfdir}/dbus-1/system.d/setroubleshootd.conf %dir %{pkgrundir} %dir %{pkgvardatadir} -%ghost %attr(0644,root,root) %{pkgvardatadir}/audit_listener_database.xml +%ghost %attr(0600,root,root) %{pkgdatabase} %ghost %attr(0644,root,root) %{pkgvardatadir}/email_alert_recipients %{_mandir}/man8/sealert.8.gz - -/etc/rc.d/init.d/%{name} +%attr(0755,root,root) /etc/rc.d/init.d/%{name} %changelog +* Sat Sep 8 2007 John Dennis - 1.10.3-1 + - modify avc_audit.py to use new audit_data.py implementation + + - can listen for audit events on either /var/run/audit_events + in bindary protocol mode or /var/run/audisp_events in + text protocol mode + +* Thu Sep 6 2007 John Dennis - 1.10.2-1 + - remove all copied code from test_setroubleshootd, now we import + from setroubleshoot + + - export ClientConnectionHandler from rpc.py as a base class. + Derive SetroubleshootdClientConnectionHandler and + AuditClientConnectionHandler from ClientConnectionHandler. + + - add audisp_listen as test program + + - create setroubleshoot sym link in top devel directory pointing + to src so import setroubleshoot.foo if PYTHONPATH=topdir + + - add get_option, convert_cfg_type to config.py.in so that one + can pass optional dict to override config file settings + + - rewrite log_init() so it's easier for other programs to use it, + fix the import logic concering log & config + + - remove log code from test_setroubleshoot, now just does import + from setroubleshoot. + + - test_setroubleshootd can now handle audit records in both text + and binary formats, can be selected by command line arg. It can now + either output to clients connecting on a socket or to stdout. Can + now optionally exit after N socket client connections. 
+ + - remove non audit record lines from test data + + - remove config_init() and log_init() from package __init__.py + It was the wrong place to call them, now call them when the + process initializes before the first setroubleshoot imports + + - add parse_config_setting() and set_config() to config module + - setroubleshootd now accepts -c --config command line arg + - test_sectroubleshoot: add err defines & program_error exception + add is_valid() tests to assure we read a valid audit record + log the unrecognized line if not valid, clean up socket close() + + - Relates Bug #247056, update initscript to LSB standards + Note: LSB initscripts in Fedora is not yet a resolved issue, + the changes implemented were to add an LSB block and support + the new LSB try-restart and force-reload commands. However + the new /lib/lsb/init-functions are NOT currently used as this + is the unstable part. + +* Thu Aug 23 2007 John Dennis - 1.10.1-1 + - add BuildRequires perl-XML-Parser + +* Thu Aug 23 2007 John Dennis - 1.10.0-1 + + - move all plugins and their translations to independent package + - wrap XML generation inside try/except + - correct how access list is obtained in avc_auparse.py + - add try/except around top level of AnalyzeThread.run so exceptions + in the thread get reported and the analysis thread does not just die. 
+ - also add try/except around LogfileThread.process_logfile + - add new function assure_file_ownership_permissions() + - server now forces it's database file permissions/ownership to be 0600 root:root + - rpm now forces the server's database file permissions/ownership to be 0600 root:root + - Resolves Bug #251545: Review Request: setroubleshoot-plugins - analysis plugins for setroubleshoot + - clean up some other rpmlint warnings in setroubleshoot.spec + - fix missing install of setroubleshoot icon and sym link to it + - Resolves Bug #251551, setroubleshoot shows up in in wrong desktop menu + also run desktop-file-install in rpm install + - add /etc/dbus-1/system.d/setroubleshootd.conf dbus configuration file + - Resolves Bug #250979, Bug #250932 Missing dependencies + - Restore plugins/Makefile.am which got nuked somehow + - remove dus.dbus_bindings.bus_name_has_owner(), deprecated as of F7 + - wrap rpm transactions in try/except + * Tue Jun 12 2007 John Dennis - 1.9.7-1 - Resolves Bug# 241739, this bug is the lead bug for several bug reports, all consequences of the same problem, setroubleshootd/sealert when run @@ -709,7 +807,7 @@ it has already been seen - fix allow_execmod plugin to report better data. * Mon Jun 26 2006 John Dennis - 0.3-1 - - add missing /var/log directory %files section in spec file, + - add missing /var/log directory files section in spec file, and add logrotate script * Mon Jun 26 2006 John Dennis - 0.2-1 diff --git a/sources b/sources index c259659..6e90688 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -cb39cb419aa3f3709811e721ef1bde41 setroubleshoot-1.9.7.tar.gz +6e5b7395364c637854d069c5cf2a45ba setroubleshoot-1.10.3.tar.gz
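Review bot: The database is now `%ghost %attr(0600,root,root)`, but `%dir %{pkgvardatadir}` and `%dir %{pkgrundir}` carry no explicit `%attr`, so their owner and mode come from whatever `make install` and the `%defattr` (not visible in this hunk) produce. The 0600 file mode and the `%post server` chown/chmod only protect the data if the directory is root-owned and not group- or world-writable; I would pin it, e.g. `%dir %attr(0755,root,root) %{pkgvardatadir}`. `email_alert_recipients` in the same directory stays at 0644; if recipient addresses are not meant to be readable by local users, it should follow the database to a tighter mode. The D-Bus policy file is listed as plain `%config`, so a locally hardened policy would be replaced on upgrade when the packaged file changes; a comment saying whether that is intended would help.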