setroubleshoot-3.3.31
- Add a screen reader label to the icon - seapplet: avoid ValueError when parsing sealert.conf - doc: Document performance related changes - Decrease setroubleshootd priority and limit RAM utilization to 1GB - Use setup from setuptools - Use `pip install` instead of `setup.py install` Resolves: rhbz#2145149
This commit is contained in:
parent
478d060779
commit
b79257be58
3
.gitignore
vendored
3
.gitignore
vendored
@ -213,3 +213,6 @@ setroubleshoot-2.2.93.tar.gz
|
||||
/setroubleshoot-3.3.26.tar.gz
|
||||
/framework-3.3.27.tar.gz
|
||||
/setroubleshoot-3.3.28.tar.gz
|
||||
/setroubleshoot-3.3.29.tar.gz
|
||||
/setroubleshoot-3.3.30.tar.gz
|
||||
/setroubleshoot-3.3.31.tar.gz
|
||||
|
@ -1,268 +0,0 @@
|
||||
From 5bec01e56c565dfedd077bf4fad20cbc03de312e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
||||
Date: Fri, 22 Apr 2022 16:27:02 +0200
|
||||
Subject: [PATCH] Fix couple of typos
|
||||
|
||||
Found by codespell
|
||||
---
|
||||
doc/audit_notes.txt | 2 +-
|
||||
doc/developers_guide.wiki | 10 +++++-----
|
||||
doc/user_faq.wiki | 12 ++++++------
|
||||
src/config.py.in | 4 ++--
|
||||
src/sealert | 4 ++--
|
||||
src/sedispatch.c | 2 +-
|
||||
src/setroubleshoot/Plugin.py | 4 ++--
|
||||
src/setroubleshoot/audit_data.py | 2 +-
|
||||
src/setroubleshoot/browser.py | 4 ++--
|
||||
src/setroubleshoot/gui_utils.py | 2 +-
|
||||
src/setroubleshoot/server.py | 2 +-
|
||||
11 files changed, 24 insertions(+), 24 deletions(-)
|
||||
|
||||
diff --git a/doc/audit_notes.txt b/doc/audit_notes.txt
|
||||
index d48c03e..6cc68ad 100644
|
||||
--- a/doc/audit_notes.txt
|
||||
+++ b/doc/audit_notes.txt
|
||||
@@ -61,7 +61,7 @@ AVC_AUDIT_DATA_NET
|
||||
laddr: local address (i.e. source address) ?? is this the same as "saddr"?
|
||||
lport: local port (i.e. source port)
|
||||
faddr: foreign address (i.e. destination address) ?? is this the same as "addr"?
|
||||
- fport: foreign port (i.e. desination port)
|
||||
+ fport: foreign port (i.e. destination port)
|
||||
else if AF_UNIX:
|
||||
"path=%s"
|
||||
path: UNIX socket path name
|
||||
diff --git a/doc/developers_guide.wiki b/doc/developers_guide.wiki
|
||||
index bac843d..2570c1b 100644
|
||||
--- a/doc/developers_guide.wiki
|
||||
+++ b/doc/developers_guide.wiki
|
||||
@@ -105,12 +105,12 @@ component of setroubleshoot (sealert) benefits from its integration
|
||||
with the desktop session, but this is independent of the issue of
|
||||
where and how the AVC alert information is derived from. By analogy a
|
||||
web browser benefits from DBUS integration on the desktop but its data
|
||||
-commuication remains HTTP to remote nodes.
|
||||
+communication remains HTTP to remote nodes.
|
||||
|
||||
=== What is the data channel between the client and server? ===
|
||||
|
||||
The connection is a socket. By default the socket is a local UNIX
|
||||
-domain socket for enhanced security. However, it is trival to
|
||||
+domain socket for enhanced security. However, it is trivial to
|
||||
configure the client/server code to use INET sockets instead to
|
||||
accommodate remote connections. The vast bulk of the code is agnostic
|
||||
with regards to the socket type.
|
||||
@@ -418,7 +418,7 @@ children of the <arg> node and construct a SEDatabaseProperties from
|
||||
the values we parse.
|
||||
|
||||
At this point the we lookup the rpc_id to see what callbacks were
|
||||
-associated with the originial database_bind() call. For every callback
|
||||
+associated with the original database_bind() call. For every callback
|
||||
bound to this call we call the callback passing the
|
||||
SEDatabaseProperties object we constructed from the XML body.
|
||||
|
||||
@@ -597,7 +597,7 @@ portable representation. The portable representation should be very
|
||||
well defined. Lacking a well defined representation for the object
|
||||
also means it's difficult to provide defaults for member values, to
|
||||
validate its structure, guard against injecting superfluous data,
|
||||
-especially if the extra data is malicous in intent, convert between
|
||||
+especially if the extra data is malicious in intent, convert between
|
||||
versions of the representation, etc. Automatic serialization via
|
||||
introspection is like programming in Basic were everything is a global
|
||||
variable.
|
||||
@@ -608,7 +608,7 @@ are not part of the definition can never be introduced via
|
||||
serilization. Malformed representations are easy to detect. Values can
|
||||
be assigned types. Versioning can be used to upgrade and downgrade
|
||||
representations. The representation can be controlled to take
|
||||
-advantage of XML features and tailor the reprensentation to optimize
|
||||
+advantage of XML features and tailor the representation to optimize
|
||||
for size or speed.
|
||||
|
||||
One of the original goals of the project included communicating data
|
||||
diff --git a/doc/user_faq.wiki b/doc/user_faq.wiki
|
||||
index efe6f12..337855e 100644
|
||||
--- a/doc/user_faq.wiki
|
||||
+++ b/doc/user_faq.wiki
|
||||
@@ -468,7 +468,7 @@ file where logging will be directed. If no file is set logging goes to
|
||||
the console. By default there is no file set for sealert because its a
|
||||
per user log file and by default we don't want to be writing user
|
||||
files. The 'console' flag will also send logging messages to the
|
||||
-console if otherwise they are also being writtin to a log file (if
|
||||
+console if otherwise they are also being written to a log file (if
|
||||
there is no log file, messages are directed to the console). There is
|
||||
also a 'categories' list which will allow you to select functional
|
||||
areas to log. By default all categories are logged.
|
||||
@@ -515,7 +515,7 @@ Every time a denial event is recognized it is converted to an
|
||||
[#alert-signature alert signature], a general way of describing the
|
||||
denial event. Then the [#alert-database alert database] is consulted
|
||||
to see if the denial has been seen before, if so its report count is
|
||||
-incremented, otherwise it's added to the database. Irregardless of
|
||||
+incremented, otherwise it's added to the database. Regardless of
|
||||
whether the denial was previously in the alert database or not a full
|
||||
analysis is run on the denial event to produce a [#analysis-report
|
||||
analysis report]. The most recent analysis report of the denial event
|
||||
@@ -529,7 +529,7 @@ most recent occurrence of the denial event.
|
||||
The kernel audit subsystem emits a message whenever SELinux denies
|
||||
permission (or would have denied permission). These messages describe
|
||||
the particulars of what the kernel is doing at the moment and is not a
|
||||
-complete desciption of the denial (which we term [#denial-event denial
|
||||
+complete description of the denial (which we term [#denial-event denial
|
||||
event]. As the kernel continues to process the system call which
|
||||
triggered the AVC additional messages may be emitted independently
|
||||
which when combined fully describe the denial event. Thus any one AVC
|
||||
@@ -558,7 +558,7 @@ items such as the version of the SELinux policy, the version of the
|
||||
operating system, the RPM package and version the software which
|
||||
triggered the denial came from, etc.
|
||||
|
||||
-However envionmental information can only be reliably gathered at the
|
||||
+However environmental information can only be reliably gathered at the
|
||||
moment the denial occurred. If one queried the system for
|
||||
environmental information at a later point in time, for instance
|
||||
during log file scanning, then the environment may have changed in the
|
||||
@@ -586,7 +586,7 @@ signature.
|
||||
Alert signatures are a means to describe a general denial. For most
|
||||
users this can be thought of as an "SELinux problem" such as "the web
|
||||
server can't execute CGI scripts". A signature collects the minimal
|
||||
-information necessary to uniquely descibe a SELinux denial, but no
|
||||
+information necessary to uniquely desrcibe a SELinux denial, but no
|
||||
more information than is necessary otherwise the signature would begin
|
||||
to describe specific instances rather than a general problem. However the
|
||||
content of the signature must be unique enough so that denial events
|
||||
@@ -611,7 +611,7 @@ When a [#denial-event denial event] enters the system for analysis
|
||||
each analysis plugin is given an opportunity to examine the denial
|
||||
event. If the plugin recognizes the denial event it creates an
|
||||
analysis report providing as much information as it can about the
|
||||
-event such as a summmary, a detailed description, how one might fix
|
||||
+event such as a summary, a detailed description, how one might fix
|
||||
the problem, etc. The analysis report is the bulk of the information
|
||||
presented to the user when he or she views an alert. The analysis
|
||||
report may optionally be merged with [#alert-environment-info
|
||||
diff --git a/src/config.py.in b/src/config.py.in
|
||||
index 7fd10d9..a44be7b 100644
|
||||
--- a/src/config.py.in
|
||||
+++ b/src/config.py.in
|
||||
@@ -261,7 +261,7 @@ provide remote connections use this "{unix}%(path)s, hostname"
|
||||
'value': 'warning',
|
||||
'description' : '''
|
||||
setroubleshootd logging level. Levels are the same as in the python logging
|
||||
-module, but are case insenstive. The defined levels in severity order
|
||||
+module, but are case insensitive. The defined levels in severity order
|
||||
are:[CRITICAL, ERROR, WARNING, INFO, DEBUG]''',
|
||||
},
|
||||
'log_full_report': {
|
||||
@@ -274,7 +274,7 @@ are:[CRITICAL, ERROR, WARNING, INFO, DEBUG]''',
|
||||
'value': 'warning',
|
||||
'description' : '''
|
||||
sealert logging level. Levels are the same as in the python logging
|
||||
-module, but are case insenstive. The defined levels in severity order are:
|
||||
+module, but are case insensitive. The defined levels in severity order are:
|
||||
[CRITICAL, ERROR, WARNING, INFO, DEBUG]''',
|
||||
},
|
||||
},
|
||||
diff --git a/src/sealert b/src/sealert
|
||||
index 2663a21..f56f60a 100755
|
||||
--- a/src/sealert
|
||||
+++ b/src/sealert
|
||||
@@ -372,7 +372,7 @@ class SEAlert(object):
|
||||
|
||||
self.alert_client.connect('alert', self.alert)
|
||||
|
||||
- # If there is no presentation mananger make sure when the
|
||||
+ # If there is no presentation manager make sure when the
|
||||
# user closes the window the whole application exits. When running
|
||||
# in "alert" mode we want the application to persist in the background
|
||||
self.browser.window_delete_hides = False
|
||||
@@ -562,7 +562,7 @@ def do_analyze_logfile(logfile_path):
|
||||
def display_terminal_traceback(who):
|
||||
import traceback
|
||||
stacktrace = traceback.format_exc()
|
||||
- print(_("Opps, %s hit an error!" % who) + '\n\n' + stacktrace)
|
||||
+ print(_("Oops, %s hit an error!" % who) + '\n\n' + stacktrace)
|
||||
|
||||
try:
|
||||
from setroubleshoot.gui_utils import display_traceback
|
||||
diff --git a/src/sedispatch.c b/src/sedispatch.c
|
||||
index 371db0d..ed900b0 100644
|
||||
--- a/src/sedispatch.c
|
||||
+++ b/src/sedispatch.c
|
||||
@@ -248,7 +248,7 @@ static void handle_event(auparse_state_t *au,
|
||||
|
||||
#ifdef NOTUSED
|
||||
/* This function shows how to iterate through the fields of a record
|
||||
- * and print its name and raw value and interpretted value. */
|
||||
+ * and print its name and raw value and interpreted value. */
|
||||
static void dump_fields_of_record(auparse_state_t *au)
|
||||
{
|
||||
printf("record type %d(%s) has %d fields\n", auparse_get_type(au),
|
||||
diff --git a/src/setroubleshoot/Plugin.py b/src/setroubleshoot/Plugin.py
|
||||
index 8fba3f8..e4783d9 100644
|
||||
--- a/src/setroubleshoot/Plugin.py
|
||||
+++ b/src/setroubleshoot/Plugin.py
|
||||
@@ -74,10 +74,10 @@ class Plugin(object):
|
||||
* $SOURCE_PACKAGE - name of the package which contains the
|
||||
executable (from $SOURCE_PATH).
|
||||
* $PORT_NUMBER - the port number for the connection denied.
|
||||
- Additional subtitutions can be added with set_template_substitutions.
|
||||
+ Additional substitutions can be added with set_template_substitutions.
|
||||
|
||||
You can also optional pass the name for a single boolean which will be
|
||||
- used to set the $BOOLEAN subtitution into Plugin.__init__.
|
||||
+ used to set the $BOOLEAN substitution into Plugin.__init__.
|
||||
o
|
||||
You can also set the level, of the alert, if the plugin believes discovers
|
||||
a signature of an attack, the level should be set to red
|
||||
diff --git a/src/setroubleshoot/audit_data.py b/src/setroubleshoot/audit_data.py
|
||||
index f11fc27..fbece5d 100644
|
||||
--- a/src/setroubleshoot/audit_data.py
|
||||
+++ b/src/setroubleshoot/audit_data.py
|
||||
@@ -769,7 +769,7 @@ class AVC:
|
||||
'''Derive the target path.
|
||||
|
||||
If path information is available the avc record will have a path field
|
||||
- and no name field because the path field is more specific and supercedes
|
||||
+ and no name field because the path field is more specific and supersedes
|
||||
name. The name field is typically the directory entry.
|
||||
|
||||
For some special files the kernel embeds instance information
|
||||
diff --git a/src/setroubleshoot/browser.py b/src/setroubleshoot/browser.py
|
||||
index 4801583..bba419f 100644
|
||||
--- a/src/setroubleshoot/browser.py
|
||||
+++ b/src/setroubleshoot/browser.py
|
||||
@@ -327,8 +327,8 @@ class BrowserApplet:
|
||||
alert_date = alert.last_seen_date
|
||||
start_date = alert.first_seen_date
|
||||
# %c - Locale’s approrpiate date and time representation
|
||||
- date_formated = alert_date.format("%c")
|
||||
- self.date_label.set_label(date_formated)
|
||||
+ date_formatted = alert_date.format("%c")
|
||||
+ self.date_label.set_label(date_formatted)
|
||||
|
||||
def on_receive_button_changed(self, widget):
|
||||
found = False
|
||||
diff --git a/src/setroubleshoot/gui_utils.py b/src/setroubleshoot/gui_utils.py
|
||||
index 183f83d..e822047 100644
|
||||
--- a/src/setroubleshoot/gui_utils.py
|
||||
+++ b/src/setroubleshoot/gui_utils.py
|
||||
@@ -53,7 +53,7 @@ def display_traceback(who, parent=None):
|
||||
import traceback
|
||||
|
||||
stacktrace = traceback.format_exc()
|
||||
- message = _("Opps, %s hit an error!" % who)
|
||||
+ message = _("Oops, %s hit an error!" % who)
|
||||
|
||||
title = who + ' ' + _("Error")
|
||||
dlg = Gtk.Dialog(title, parent, 0, (Gtk.STOCK_OK, Gtk.ResponseType.OK))
|
||||
diff --git a/src/setroubleshoot/server.py b/src/setroubleshoot/server.py
|
||||
index 10ef215..37775b6 100755
|
||||
--- a/src/setroubleshoot/server.py
|
||||
+++ b/src/setroubleshoot/server.py
|
||||
@@ -812,7 +812,7 @@ def RunFaultServer(timeout=10):
|
||||
import six.moves.queue
|
||||
analysis_queue = six.moves.queue.Queue(0)
|
||||
|
||||
- # Create a thread to peform analysis, it takes AVC objects off
|
||||
+ # Create a thread to perform analysis, it takes AVC objects off
|
||||
# the analysis queue and runs the plugins against the
|
||||
# AVC. Analysis requests in the queue may arrive from a
|
||||
# variety of places; from the audit system, from a log file
|
||||
--
|
||||
2.35.3
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -3,8 +3,8 @@
|
||||
|
||||
Summary: Helps troubleshoot SELinux problems
|
||||
Name: setroubleshoot
|
||||
Version: 3.3.28
|
||||
Release: 4%{?dist}
|
||||
Version: 3.3.31
|
||||
Release: 1%{?dist}
|
||||
License: GPLv2+
|
||||
URL: https://gitlab.com/setroubleshoot/setroubleshoot
|
||||
Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz
|
||||
@ -12,12 +12,10 @@ Source1: %{name}.tmpfiles
|
||||
Source2: %{name}.sysusers
|
||||
# git format-patch -N 3.3.28
|
||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||
Patch0001: 0001-Fix-couple-of-typos.patch
|
||||
Patch0002: 0002-Update-translations.patch
|
||||
BuildRequires: gcc
|
||||
BuildRequires: make
|
||||
BuildRequires: libcap-ng-devel
|
||||
BuildRequires: intltool gettext python3 python3-devel
|
||||
BuildRequires: intltool gettext python3 python3-devel python3-setuptools python3-pip
|
||||
BuildRequires: desktop-file-utils dbus-glib-devel libnotify-devel libselinux-devel polkit-devel
|
||||
BuildRequires: audit-libs-devel >= 3.0.1
|
||||
BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel
|
||||
@ -55,7 +53,7 @@ to user preference. The same tools can be run on existing log files.
|
||||
%{pkgguidir}
|
||||
%config(noreplace) %{_sysconfdir}/xdg/autostart/*
|
||||
%{_datadir}/applications/*.desktop
|
||||
%{_datadir}/appdata/*.appdata.xml
|
||||
%{_metainfodir}/*.appdata.xml
|
||||
%{_datadir}/dbus-1/services/sealert.service
|
||||
%{_datadir}/icons/hicolor/*/*/*
|
||||
%dir %attr(0755,root,root) %{pkgpythondir}
|
||||
@ -181,6 +179,7 @@ to user preference. The same tools can be run on existing log files.
|
||||
%{_mandir}/man8/sedispatch.8.gz
|
||||
%{_mandir}/man8/setroubleshootd.8.gz
|
||||
%config /etc/audit/plugins.d/sedispatch.conf
|
||||
%{_unitdir}/setroubleshootd.service
|
||||
%{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
|
||||
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
|
||||
%{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
|
||||
@ -192,9 +191,24 @@ to user preference. The same tools can be run on existing log files.
|
||||
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
|
||||
|
||||
%changelog
|
||||
* Wed Sep 07 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.28-4
|
||||
- Update translations (#2062661)
|
||||
- Fix couple of typos
|
||||
* Wed Nov 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.3.31-1
|
||||
- Add a screen reader label to the icon
|
||||
- seapplet: avoid ValueError when parsing sealert.conf
|
||||
- doc: Document performance related changes
|
||||
- Decrease setroubleshootd priority and limit RAM utilization to 1GB
|
||||
- Use setup from setuptools
|
||||
- Use `pip install` instead of `setup.py install`
|
||||
|
||||
* Tue Jun 28 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.30-1
|
||||
- Miscellaneous python and build system changes
|
||||
- Fix couple of typos
|
||||
- Drop Python2 support
|
||||
- Use inspect.signature() instead of instead.getargspec()
|
||||
- Update translations
|
||||
|
||||
* Wed Mar 30 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.29-1
|
||||
- Introduce email.use_sendmail option
|
||||
- Update translations
|
||||
|
||||
* Wed Mar 09 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.28-3
|
||||
- Update translations (#2017386)
|
||||
|
2
sources
2
sources
@ -1 +1 @@
|
||||
SHA512 (setroubleshoot-3.3.28.tar.gz) = 20039d5c31e224eaa71316940ba37c3505a0427b51d09d6e339876c1412149377365bbf792e74a13e457e4915403464e9730132cbf82d15b2e587ac15ba8ea18
|
||||
SHA512 (setroubleshoot-3.3.31.tar.gz) = e3ab60a81c851e1a68b43e6e08b6901caa2c507318ccb24992d24cca785cd3fbbb9e3d94b51f214a42ee3aba200d6d92eefaf38b71251794489a51844913ed64
|
||||
|
Loading…
Reference in New Issue
Block a user