setroubleshoot-3.3.31

- Add a screen reader label to the icon
- seapplet: avoid ValueError when parsing sealert.conf
- doc: Document performance related changes
- Decrease setroubleshootd priority and limit RAM utilization to 1GB
- Use setup from setuptools
- Use `pip install` instead of `setup.py install`

Resolves: rhbz#2145149
This commit is contained in:
Petr Lautrbach 2022-11-23 15:51:01 +01:00
parent 478d060779
commit b79257be58
5 changed files with 27 additions and 41470 deletions

3
.gitignore vendored
View File

@ -213,3 +213,6 @@ setroubleshoot-2.2.93.tar.gz
/setroubleshoot-3.3.26.tar.gz
/framework-3.3.27.tar.gz
/setroubleshoot-3.3.28.tar.gz
/setroubleshoot-3.3.29.tar.gz
/setroubleshoot-3.3.30.tar.gz
/setroubleshoot-3.3.31.tar.gz

View File

@ -1,268 +0,0 @@
From 5bec01e56c565dfedd077bf4fad20cbc03de312e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 22 Apr 2022 16:27:02 +0200
Subject: [PATCH] Fix couple of typos
Found by codespell
---
doc/audit_notes.txt | 2 +-
doc/developers_guide.wiki | 10 +++++-----
doc/user_faq.wiki | 12 ++++++------
src/config.py.in | 4 ++--
src/sealert | 4 ++--
src/sedispatch.c | 2 +-
src/setroubleshoot/Plugin.py | 4 ++--
src/setroubleshoot/audit_data.py | 2 +-
src/setroubleshoot/browser.py | 4 ++--
src/setroubleshoot/gui_utils.py | 2 +-
src/setroubleshoot/server.py | 2 +-
11 files changed, 24 insertions(+), 24 deletions(-)
diff --git a/doc/audit_notes.txt b/doc/audit_notes.txt
index d48c03e..6cc68ad 100644
--- a/doc/audit_notes.txt
+++ b/doc/audit_notes.txt
@@ -61,7 +61,7 @@ AVC_AUDIT_DATA_NET
laddr: local address (i.e. source address) ?? is this the same as "saddr"?
lport: local port (i.e. source port)
faddr: foreign address (i.e. destination address) ?? is this the same as "addr"?
- fport: foreign port (i.e. desination port)
+ fport: foreign port (i.e. destination port)
else if AF_UNIX:
"path=%s"
path: UNIX socket path name
diff --git a/doc/developers_guide.wiki b/doc/developers_guide.wiki
index bac843d..2570c1b 100644
--- a/doc/developers_guide.wiki
+++ b/doc/developers_guide.wiki
@@ -105,12 +105,12 @@ component of setroubleshoot (sealert) benefits from its integration
with the desktop session, but this is independent of the issue of
where and how the AVC alert information is derived from. By analogy a
web browser benefits from DBUS integration on the desktop but its data
-commuication remains HTTP to remote nodes.
+communication remains HTTP to remote nodes.
=== What is the data channel between the client and server? ===
The connection is a socket. By default the socket is a local UNIX
-domain socket for enhanced security. However, it is trival to
+domain socket for enhanced security. However, it is trivial to
configure the client/server code to use INET sockets instead to
accommodate remote connections. The vast bulk of the code is agnostic
with regards to the socket type.
@@ -418,7 +418,7 @@ children of the <arg> node and construct a SEDatabaseProperties from
the values we parse.
At this point the we lookup the rpc_id to see what callbacks were
-associated with the originial database_bind() call. For every callback
+associated with the original database_bind() call. For every callback
bound to this call we call the callback passing the
SEDatabaseProperties object we constructed from the XML body.
@@ -597,7 +597,7 @@ portable representation. The portable representation should be very
well defined. Lacking a well defined representation for the object
also means it's difficult to provide defaults for member values, to
validate its structure, guard against injecting superfluous data,
-especially if the extra data is malicous in intent, convert between
+especially if the extra data is malicious in intent, convert between
versions of the representation, etc. Automatic serialization via
introspection is like programming in Basic were everything is a global
variable.
@@ -608,7 +608,7 @@ are not part of the definition can never be introduced via
serilization. Malformed representations are easy to detect. Values can
be assigned types. Versioning can be used to upgrade and downgrade
representations. The representation can be controlled to take
-advantage of XML features and tailor the reprensentation to optimize
+advantage of XML features and tailor the representation to optimize
for size or speed.
One of the original goals of the project included communicating data
diff --git a/doc/user_faq.wiki b/doc/user_faq.wiki
index efe6f12..337855e 100644
--- a/doc/user_faq.wiki
+++ b/doc/user_faq.wiki
@@ -468,7 +468,7 @@ file where logging will be directed. If no file is set logging goes to
the console. By default there is no file set for sealert because its a
per user log file and by default we don't want to be writing user
files. The 'console' flag will also send logging messages to the
-console if otherwise they are also being writtin to a log file (if
+console if otherwise they are also being written to a log file (if
there is no log file, messages are directed to the console). There is
also a 'categories' list which will allow you to select functional
areas to log. By default all categories are logged.
@@ -515,7 +515,7 @@ Every time a denial event is recognized it is converted to an
[#alert-signature alert signature], a general way of describing the
denial event. Then the [#alert-database alert database] is consulted
to see if the denial has been seen before, if so its report count is
-incremented, otherwise it's added to the database. Irregardless of
+incremented, otherwise it's added to the database. Regardless of
whether the denial was previously in the alert database or not a full
analysis is run on the denial event to produce a [#analysis-report
analysis report]. The most recent analysis report of the denial event
@@ -529,7 +529,7 @@ most recent occurrence of the denial event.
The kernel audit subsystem emits a message whenever SELinux denies
permission (or would have denied permission). These messages describe
the particulars of what the kernel is doing at the moment and is not a
-complete desciption of the denial (which we term [#denial-event denial
+complete description of the denial (which we term [#denial-event denial
event]. As the kernel continues to process the system call which
triggered the AVC additional messages may be emitted independently
which when combined fully describe the denial event. Thus any one AVC
@@ -558,7 +558,7 @@ items such as the version of the SELinux policy, the version of the
operating system, the RPM package and version the software which
triggered the denial came from, etc.
-However envionmental information can only be reliably gathered at the
+However environmental information can only be reliably gathered at the
moment the denial occurred. If one queried the system for
environmental information at a later point in time, for instance
during log file scanning, then the environment may have changed in the
@@ -586,7 +586,7 @@ signature.
Alert signatures are a means to describe a general denial. For most
users this can be thought of as an "SELinux problem" such as "the web
server can't execute CGI scripts". A signature collects the minimal
-information necessary to uniquely descibe a SELinux denial, but no
+information necessary to uniquely desrcibe a SELinux denial, but no
more information than is necessary otherwise the signature would begin
to describe specific instances rather than a general problem. However the
content of the signature must be unique enough so that denial events
@@ -611,7 +611,7 @@ When a [#denial-event denial event] enters the system for analysis
each analysis plugin is given an opportunity to examine the denial
event. If the plugin recognizes the denial event it creates an
analysis report providing as much information as it can about the
-event such as a summmary, a detailed description, how one might fix
+event such as a summary, a detailed description, how one might fix
the problem, etc. The analysis report is the bulk of the information
presented to the user when he or she views an alert. The analysis
report may optionally be merged with [#alert-environment-info
diff --git a/src/config.py.in b/src/config.py.in
index 7fd10d9..a44be7b 100644
--- a/src/config.py.in
+++ b/src/config.py.in
@@ -261,7 +261,7 @@ provide remote connections use this "{unix}%(path)s, hostname"
'value': 'warning',
'description' : '''
setroubleshootd logging level. Levels are the same as in the python logging
-module, but are case insenstive. The defined levels in severity order
+module, but are case insensitive. The defined levels in severity order
are:[CRITICAL, ERROR, WARNING, INFO, DEBUG]''',
},
'log_full_report': {
@@ -274,7 +274,7 @@ are:[CRITICAL, ERROR, WARNING, INFO, DEBUG]''',
'value': 'warning',
'description' : '''
sealert logging level. Levels are the same as in the python logging
-module, but are case insenstive. The defined levels in severity order are:
+module, but are case insensitive. The defined levels in severity order are:
[CRITICAL, ERROR, WARNING, INFO, DEBUG]''',
},
},
diff --git a/src/sealert b/src/sealert
index 2663a21..f56f60a 100755
--- a/src/sealert
+++ b/src/sealert
@@ -372,7 +372,7 @@ class SEAlert(object):
self.alert_client.connect('alert', self.alert)
- # If there is no presentation mananger make sure when the
+ # If there is no presentation manager make sure when the
# user closes the window the whole application exits. When running
# in "alert" mode we want the application to persist in the background
self.browser.window_delete_hides = False
@@ -562,7 +562,7 @@ def do_analyze_logfile(logfile_path):
def display_terminal_traceback(who):
import traceback
stacktrace = traceback.format_exc()
- print(_("Opps, %s hit an error!" % who) + '\n\n' + stacktrace)
+ print(_("Oops, %s hit an error!" % who) + '\n\n' + stacktrace)
try:
from setroubleshoot.gui_utils import display_traceback
diff --git a/src/sedispatch.c b/src/sedispatch.c
index 371db0d..ed900b0 100644
--- a/src/sedispatch.c
+++ b/src/sedispatch.c
@@ -248,7 +248,7 @@ static void handle_event(auparse_state_t *au,
#ifdef NOTUSED
/* This function shows how to iterate through the fields of a record
- * and print its name and raw value and interpretted value. */
+ * and print its name and raw value and interpreted value. */
static void dump_fields_of_record(auparse_state_t *au)
{
printf("record type %d(%s) has %d fields\n", auparse_get_type(au),
diff --git a/src/setroubleshoot/Plugin.py b/src/setroubleshoot/Plugin.py
index 8fba3f8..e4783d9 100644
--- a/src/setroubleshoot/Plugin.py
+++ b/src/setroubleshoot/Plugin.py
@@ -74,10 +74,10 @@ class Plugin(object):
* $SOURCE_PACKAGE - name of the package which contains the
executable (from $SOURCE_PATH).
* $PORT_NUMBER - the port number for the connection denied.
- Additional subtitutions can be added with set_template_substitutions.
+ Additional substitutions can be added with set_template_substitutions.
You can also optional pass the name for a single boolean which will be
- used to set the $BOOLEAN subtitution into Plugin.__init__.
+ used to set the $BOOLEAN substitution into Plugin.__init__.
o
You can also set the level, of the alert, if the plugin believes discovers
a signature of an attack, the level should be set to red
diff --git a/src/setroubleshoot/audit_data.py b/src/setroubleshoot/audit_data.py
index f11fc27..fbece5d 100644
--- a/src/setroubleshoot/audit_data.py
+++ b/src/setroubleshoot/audit_data.py
@@ -769,7 +769,7 @@ class AVC:
'''Derive the target path.
If path information is available the avc record will have a path field
- and no name field because the path field is more specific and supercedes
+ and no name field because the path field is more specific and supersedes
name. The name field is typically the directory entry.
For some special files the kernel embeds instance information
diff --git a/src/setroubleshoot/browser.py b/src/setroubleshoot/browser.py
index 4801583..bba419f 100644
--- a/src/setroubleshoot/browser.py
+++ b/src/setroubleshoot/browser.py
@@ -327,8 +327,8 @@ class BrowserApplet:
alert_date = alert.last_seen_date
start_date = alert.first_seen_date
# %c - Locales approrpiate date and time representation
- date_formated = alert_date.format("%c")
- self.date_label.set_label(date_formated)
+ date_formatted = alert_date.format("%c")
+ self.date_label.set_label(date_formatted)
def on_receive_button_changed(self, widget):
found = False
diff --git a/src/setroubleshoot/gui_utils.py b/src/setroubleshoot/gui_utils.py
index 183f83d..e822047 100644
--- a/src/setroubleshoot/gui_utils.py
+++ b/src/setroubleshoot/gui_utils.py
@@ -53,7 +53,7 @@ def display_traceback(who, parent=None):
import traceback
stacktrace = traceback.format_exc()
- message = _("Opps, %s hit an error!" % who)
+ message = _("Oops, %s hit an error!" % who)
title = who + ' ' + _("Error")
dlg = Gtk.Dialog(title, parent, 0, (Gtk.STOCK_OK, Gtk.ResponseType.OK))
diff --git a/src/setroubleshoot/server.py b/src/setroubleshoot/server.py
index 10ef215..37775b6 100755
--- a/src/setroubleshoot/server.py
+++ b/src/setroubleshoot/server.py
@@ -812,7 +812,7 @@ def RunFaultServer(timeout=10):
import six.moves.queue
analysis_queue = six.moves.queue.Queue(0)
- # Create a thread to peform analysis, it takes AVC objects off
+ # Create a thread to perform analysis, it takes AVC objects off
# the analysis queue and runs the plugins against the
# AVC. Analysis requests in the queue may arrive from a
# variety of places; from the audit system, from a log file
--
2.35.3

File diff suppressed because it is too large Load Diff

View File

@ -3,8 +3,8 @@
Summary: Helps troubleshoot SELinux problems
Name: setroubleshoot
Version: 3.3.28
Release: 4%{?dist}
Version: 3.3.31
Release: 1%{?dist}
License: GPLv2+
URL: https://gitlab.com/setroubleshoot/setroubleshoot
Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz
@ -12,12 +12,10 @@ Source1: %{name}.tmpfiles
Source2: %{name}.sysusers
# git format-patch -N 3.3.28
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
Patch0001: 0001-Fix-couple-of-typos.patch
Patch0002: 0002-Update-translations.patch
BuildRequires: gcc
BuildRequires: make
BuildRequires: libcap-ng-devel
BuildRequires: intltool gettext python3 python3-devel
BuildRequires: intltool gettext python3 python3-devel python3-setuptools python3-pip
BuildRequires: desktop-file-utils dbus-glib-devel libnotify-devel libselinux-devel polkit-devel
BuildRequires: audit-libs-devel >= 3.0.1
BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel
@ -55,7 +53,7 @@ to user preference. The same tools can be run on existing log files.
%{pkgguidir}
%config(noreplace) %{_sysconfdir}/xdg/autostart/*
%{_datadir}/applications/*.desktop
%{_datadir}/appdata/*.appdata.xml
%{_metainfodir}/*.appdata.xml
%{_datadir}/dbus-1/services/sealert.service
%{_datadir}/icons/hicolor/*/*/*
%dir %attr(0755,root,root) %{pkgpythondir}
@ -181,6 +179,7 @@ to user preference. The same tools can be run on existing log files.
%{_mandir}/man8/sedispatch.8.gz
%{_mandir}/man8/setroubleshootd.8.gz
%config /etc/audit/plugins.d/sedispatch.conf
%{_unitdir}/setroubleshootd.service
%{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
%{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
@ -192,9 +191,24 @@ to user preference. The same tools can be run on existing log files.
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
%changelog
* Wed Sep 07 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.28-4
- Update translations (#2062661)
- Fix couple of typos
* Wed Nov 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.3.31-1
- Add a screen reader label to the icon
- seapplet: avoid ValueError when parsing sealert.conf
- doc: Document performance related changes
- Decrease setroubleshootd priority and limit RAM utilization to 1GB
- Use setup from setuptools
- Use `pip install` instead of `setup.py install`
* Tue Jun 28 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.30-1
- Miscellaneous python and build system changes
- Fix couple of typos
- Drop Python2 support
- Use inspect.signature() instead of instead.getargspec()
- Update translations
* Wed Mar 30 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.29-1
- Introduce email.use_sendmail option
- Update translations
* Wed Mar 09 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.28-3
- Update translations (#2017386)

View File

@ -1 +1 @@
SHA512 (setroubleshoot-3.3.28.tar.gz) = 20039d5c31e224eaa71316940ba37c3505a0427b51d09d6e339876c1412149377365bbf792e74a13e457e4915403464e9730132cbf82d15b2e587ac15ba8ea18
SHA512 (setroubleshoot-3.3.31.tar.gz) = e3ab60a81c851e1a68b43e6e08b6901caa2c507318ccb24992d24cca785cd3fbbb9e3d94b51f214a42ee3aba200d6d92eefaf38b71251794489a51844913ed64