From c42ca71e4651d81a72d22eaef24695f60bcac6d5 Mon Sep 17 00:00:00 2001 From: Vit Mojzis Date: Tue, 2 Feb 2021 16:00:23 +0100 Subject: [PATCH] setroubleshoot-3.3.24-4 - sealert: exit on any connection close --- ...sealert-exit-on-any-connection-close.patch | 30 +++++++++++++++++++ setroubleshoot.spec | 6 +++- 2 files changed, 35 insertions(+), 1 deletion(-) create mode 100644 0003-framework-sealert-exit-on-any-connection-close.patch diff --git a/0003-framework-sealert-exit-on-any-connection-close.patch b/0003-framework-sealert-exit-on-any-connection-close.patch new file mode 100644 index 0000000..5944843 --- /dev/null +++ b/0003-framework-sealert-exit-on-any-connection-close.patch @@ -0,0 +1,30 @@ +From e339956442fb7284bce31e132b0be7ad0f3badc5 Mon Sep 17 00:00:00 2001 +From: Vit Mojzis +Date: Tue, 2 Feb 2021 13:18:49 +0100 +Subject: [PATCH] framework/sealert: exit on any connection close + +SECommandLine is only connecting to setroubleshootd for a short time. +Therefore any connection close from "server" side should be treated as +error. + +This prevents "sealert" from hanging when setroubleshootd crashes. +--- + framework/src/sealert | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/framework/src/sealert b/framework/src/sealert +index 7839367..bae0c81 100755 +--- a/framework/src/sealert ++++ b/framework/src/sealert +@@ -488,7 +488,7 @@ class SECommandLine(object): + def on_connection_state_change(self, connection, connection_state, flags, flags_added, flags_removed): + log_debug("%s.on_connection_state_change: connection_state=%s flags_added=%s flags_removed=%s address=%s" % (self.__class__.__name__, connection_state, connection_state.flags_to_string(flags_added), connection_state.flags_to_string(flags_removed), connection.socket_address)) + +- if flags_added & ConnectionState.ERROR: ++ if (flags_added & (ConnectionState.ERROR | ConnectionState.HUP)) or (flags_removed & ConnectionState.OPEN): + errno, strerror = connection_state.get_result() + print("failed to connect to server: %s" % (strerror), file=sys.stderr) + sys.exit(1) +-- +2.29.2 + diff --git a/setroubleshoot.spec b/setroubleshoot.spec index 6aa5543..f6eb0a9 100644 --- a/setroubleshoot.spec +++ b/setroubleshoot.spec @@ -4,7 +4,7 @@ Summary: Helps troubleshoot SELinux problems Name: setroubleshoot Version: 3.3.24 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ URL: https://pagure.io/setroubleshoot Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz @@ -13,6 +13,7 @@ Source1: %{name}.tmpfiles # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done Patch0001: 0001-framework-Update-translations.patch Patch0002: 0002-framework-util-optimize-get_rpm_nvr_by_type-by-addin.patch +Patch0003: 0003-framework-sealert-exit-on-any-connection-close.patch BuildRequires: gcc BuildRequires: make BuildRequires: libcap-ng-devel @@ -190,6 +191,9 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir} %doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO %changelog +* Tue Feb 02 2021 Vit Mojzis - 3.3.24-4 +- sealert: exit on any connection close + * Wed Jan 27 2021 Fedora Release Engineering - 3.3.24-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild