rpms/setroubleshoot
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import setroubleshoot-3.3.26-3.el8

Browse Source
This commit is contained in:
CentOS Sources 2022-05-10 03:09:42 -04:00 committed by Stepan Oksanichenko
parent 25834aeb60
commit e62c1d38fe
13 changed files with 40317 additions and 74868 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/setroubleshoot-3.3.24.tar.gz
SOURCES/setroubleshoot-3.3.26.tar.gz

2
.setroubleshoot.metadata
View File

@ -1 +1 @@
d0ea80b5f1af32ae7f424e03b3d9f11c23aac1ed SOURCES/setroubleshoot-3.3.24.tar.gz
dab49dd85f3d8489fef60d2b94c4931cc9c473ea SOURCES/setroubleshoot-3.3.26.tar.gz

45
SOURCES/0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch Normal file
View File

@ -0,0 +1,45 @@
From 78840f4e0bd41d3ba1b3c90b909e6c2cf7ef4ea7 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 14 Apr 2021 17:03:39 +0200
Subject: [PATCH] Stop SetroubleshootFixit after 10 seconds of inactivity
---
src/SetroubleshootFixit.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
index 15c6cab..f7cbf95 100644
--- a/framework/src/SetroubleshootFixit.py
+++ b/framework/src/SetroubleshootFixit.py
@@ -7,6 +7,7 @@ from gi.repository import GLib
import slip.dbus.service
from slip.dbus import polkit
import os
+import signal
class RunFix(slip.dbus.service.Object):
@@ -14,12 +15,20 @@ class RunFix(slip.dbus.service.Object):
def __init__(self, *p, **k):
super(RunFix, self).__init__(*p, **k)
+ self.timeout = 10
+ self.alarm(self.timeout)
+
+ def alarm(self, timeout=10):
+ signal.alarm(timeout)
+
@dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
def run_fix(self, local_id, analysis_id):
import subprocess
+ self.alarm(0)
command = ["sealert", "-f", local_id, "-P", analysis_id]
return subprocess.check_output(command, universal_newlines=True)
+ self.alarm(self.timeout)
if __name__ == "__main__":
mainloop = GLib.MainLoop()
--
2.30.2

8846
SOURCES/0001-framework-Update-translations.patch
View File

File diff suppressed because it is too large Load Diff

103
SOURCES/0002-Do-not-use-Python-slip-package.patch Normal file
View File

@ -0,0 +1,103 @@
From e9def2b8b0098842d0223d0951f41e2106821a88 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Wed, 14 Apr 2021 17:04:59 +0200
Subject: [PATCH] Do not use Python slip package
It's not maintained anymore and it allows us to drop dependency on
Python slip package
Use DBUS polkit interface instead -
https://www.freedesktop.org/software/polkit/docs/latest/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html
---
src/SetroubleshootFixit.py | 35 +++++++++++++++++++++++++----------
src/setroubleshoot/browser.py | 3 ---
2 files changed, 25 insertions(+), 13 deletions(-)
diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
index f7cbf95..ab0ad2b 100644
--- a/framework/src/SetroubleshootFixit.py
+++ b/framework/src/SetroubleshootFixit.py
@@ -4,13 +4,11 @@ import dbus
import dbus.service
import dbus.mainloop.glib
from gi.repository import GLib
-import slip.dbus.service
-from slip.dbus import polkit
import os
import signal
+import subprocess
-
-class RunFix(slip.dbus.service.Object):
+class RunFix(dbus.service.Object):
default_polkit_auth_required = "org.fedoraproject.setroubleshootfixit.write"
def __init__(self, *p, **k):
@@ -21,14 +19,32 @@ class RunFix(slip.dbus.service.Object):
def alarm(self, timeout=10):
signal.alarm(timeout)
-
- @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
- def run_fix(self, local_id, analysis_id):
- import subprocess
+ def is_authorized(self, sender):
+ bus = dbus.SystemBus()
+
+ proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
+ authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')
+ subject = ('system-bus-name', {'name' : sender})
+ action_id = 'org.fedoraproject.setroubleshootfixit.write'
+ details = {}
+ flags = 1 # AllowUserInteraction flag
+ cancellation_id = '' # No cancellation id
+ result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)
+ return result[0]
+
+ @dbus.service.method("org.fedoraproject.SetroubleshootFixit", sender_keyword="sender", in_signature='ss', out_signature='s')
+ def run_fix(self, local_id, analysis_id, sender):
self.alarm(0)
command = ["sealert", "-f", local_id, "-P", analysis_id]
- return subprocess.check_output(command, universal_newlines=True)
+
+ if self.is_authorized(sender):
+ result = subprocess.check_output(command, universal_newlines=True)
+ else:
+ result = "Authorization failed"
+
self.alarm(self.timeout)
+ return result
+
if __name__ == "__main__":
mainloop = GLib.MainLoop()
@@ -36,5 +52,4 @@ if __name__ == "__main__":
system_bus = dbus.SystemBus()
name = dbus.service.BusName("org.fedoraproject.SetroubleshootFixit", system_bus)
object = RunFix(system_bus, "/org/fedoraproject/SetroubleshootFixit/object")
- slip.dbus.service.set_mainloop(mainloop)
mainloop.run()
diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
index 2d37bb4..3203f75 100644
--- a/framework/src/setroubleshoot/browser.py
+++ b/framework/src/setroubleshoot/browser.py
@@ -65,8 +65,6 @@ from setroubleshoot.util import *
from setroubleshoot.html_util import html_to_text
import re
import dbus
-import slip.dbus.service
-from slip.dbus import polkit
import report
import report.io
import report.io.GTKIO
@@ -933,7 +931,6 @@ class DBusProxy (object):
self.bus = dbus.SystemBus()
self.dbus_object = self.bus.get_object("org.fedoraproject.SetroubleshootFixit", "/org/fedoraproject/SetroubleshootFixit/object")
- @polkit.enable_proxy
def run_fix(self, local_id, plugin_name):
return self.dbus_object.run_fix(local_id, plugin_name, dbus_interface="org.fedoraproject.SetroubleshootFixit")
--
2.30.2

153
SOURCES/0002-framework-util-optimize-get_rpm_nvr_by_type-by-addin.patch
View File

@ -1,153 +0,0 @@
From 9175db2fa9dda8ca712a8f13b6218e3e7e0036cc Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Wed, 13 Jan 2021 12:43:54 +0100
Subject: [PATCH] framework/util: optimize get_rpm_nvr_by_type by adding a
cache
The cache build could be optimized by assuming that all modules with
priority 100 are part of selinux-policy-<policytype> package. This way
the cache would only have to contain types from modules of other
priorities.
Another optimization would be making the cache persistent. This way it
would only have to be rebuild on policy reload (sedispatch could trigger
cache rebuild over dbus).
My testing shows significant time save when processing multiple AVCs:
setroubleshoot-server-3.3.24-1.el8:
real 2m26.075s
user 2m17.989s
sys 0m5.916s
Cache:
real 0m15.337s
user 0m11.004s
sys 0m3.995s
But curiously, there is also a small time save for individual AVCs
(measured by forcing the cache rebuild for each call of
get_rpm_nvr_by_type):
real 1m40.393s
user 1m32.830s
sys 0m5.960s
It could be caused by processing policy modules by lines, which quickly
eliminates all lines not starting by "(type " (as opposed to comparing
the regular expression with the whole file).
---
src/setroubleshoot/util.py | 86 ++++++++++++++++++++++++++++----------
1 file changed, 65 insertions(+), 21 deletions(-)
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
index 023d1c4..657c882 100755
--- a/framework/src/setroubleshoot/util.py
+++ b/framework/src/setroubleshoot/util.py
@@ -114,6 +114,12 @@ hex_re = re.compile('^[A-Fa-f0-9]+$')
href_re = re.compile(r'<a\s*href="([^"]+)"[^<]*</a>')
name_at_domain_re = re.compile(r'^([^\s@]+)@([^\s@]+)$')
audit_decode_re = re.compile(r'^\s*"([^"]+)"\s*$')
+# regexp matching lines containing type definitions, eg. (type lib_t)
+# contains only 1 group that matches the type name
+typedef_regexp = re.compile(r"\s*\(\s*type\s+([\w-]+)\s*\)\s*")
+#Dictionary with all types defined in the module store as keys
+#and corresponding module paths as values. Used by get_package_nvr_by_name
+module_type_cache = None
log_level = syslog.LOG_WARNING
@@ -425,33 +431,71 @@ Finds an SELinux module which defines given SELinux type
'mysql-selinux-...
"""
+
+ if module_type_cache is None:
+ build_module_type_cache()
+ if module_type_cache is None:
+ return None
+
+ path = module_type_cache.get(selinux_type, None)
+
+ return get_package_nvr_by_file_path(path)
+
+# check if given string represents an integer
+def __str_is_int(str):
+ try:
+ int(str)
+ return True
+ except:
+ return False
+
+def build_module_type_cache():
+ """
+Creates a dictionary with all types defined in the module store as keys
+and corresponding module paths as values.
+The dictionary is stored in "module_type_cache" to be used by
+"get_rpm_nvr_by_type"
+ """
retval, policytype = selinux.selinux_getpolicytype()
+
if retval != 0:
- return None
- typedef = "(type {})\n".format(selinux_type)
- modules = []
- for (dirpath, dirnames, filenames) in os.walk("/var/lib/selinux/{}/active/modules".format(policytype)):
- if "cil" in filenames:
- try:
- defined = False
+ return
+
+ module_type_dict = dict()
+
+ priorities = []
+
+ # get list of module priorities, present in the module store, sorted by integer value
+ with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
+ priorities = sorted([x.name for x in module_store if x.is_dir() and __str_is_int(x.name)], key = lambda x: int(x))
+
+ for dir in priorities:
+ # find individual modules in each priority and identify type definitions
+ for (dirpath, dirnames, filenames) in os.walk("/var/lib/selinux/{}/active/modules/{}".format(policytype,dir)):
+ if "cil" in filenames:
try:
- # cil files are bzip2'ed by default
- defined = typedef.encode() in bz2.open("{}/cil".format(dirpath))
- except:
- # maybe cil file is not bzip2'ed, try plain text
- defined = typedef in open("{}/cil".format(dirpath))
+ try:
+ # cil files are bzip2'ed by default
+ f = bz2.open("{}/cil".format(dirpath), mode = 'rt')
- if defined:
- modules.append(dirpath)
- except:
- # something's wrong, move on
- # FIXME: log a problem?
- pass
+ except:
+ # maybe cil file is not bzip2'ed, try plain text
+ f = open("{}/cil".format(dirpath))
- if len(modules) > 0:
- return get_package_nvr_by_file_path(sorted(modules)[-1])
+ for line in f:
+ result = typedef_regexp.match(line)
+ if result:
+ module_type_dict[result.group(1)] = dirpath
- return None
+ f.close()
+
+ except:
+ # something's wrong, move on
+ # FIXME: log a problem?
+ pass
+
+ global module_type_cache
+ module_type_cache = module_type_dict
def get_rpm_nvr_by_scontext(scontext, use_dbus=False):
"""
--
2.30.2

82
SOURCES/0003-Fix-typos-in-help-man-pages-and-developer-s-guide.patch Normal file
View File

@ -0,0 +1,82 @@
From f6a21742b2531f5dfd0fa68400848ca4314f972f Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Mon, 6 Dec 2021 12:14:04 +0100
Subject: [PATCH] Fix typos in --help, man pages and developer's guide
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
TODO | 2 +-
doc/sealert.8 | 2 +-
src/config.py.in | 2 +-
src/sealert | 2 +-
src/setroubleshoot/server.py | 2 +-
5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/framework/TODO b/framework/TODO
index 6c2f375..25072ea 100644
--- a/framework/TODO
+++ b/framework/TODO
@@ -22,7 +22,7 @@ return plain text (to be used for plaintext email and writing to
stdout).
(John) Add log file scanning support (I'm currently working on this).
-We could use a better parser for AVC's in log file or other "stream",
+We could use a better parser for AVCs in log file or other "stream",
should work by accepting data via a feed() method and invoke a
callback when it finds an AVC returning an AVC class and a range
(start,end) where it was located (question: should the range be line
diff --git a/framework/doc/sealert.8 b/framework/doc/sealert.8
index 89f4dff..d3e81e3 100644
--- a/framework/doc/sealert.8
+++ b/framework/doc/sealert.8
@@ -102,7 +102,7 @@ Start sealert without dbus service as stand alone app
Lookup alert by id, if id is wildcard * then return all alerts
.TP
.B \-a \-\-analyze file
-Scan a log file, analyze its AVC's
+Scan a log file, analyze its AVCs
.TP
.B \-u \-\-user
logon as user
diff --git a/framework/src/config.py.in b/framework/src/config.py.in
index cbb0542..daf9a68 100644
--- a/framework/src/config.py.in
+++ b/framework/src/config.py.in
@@ -184,7 +184,7 @@ the alert's last seen date will be purged first. Zero implies no limit''',
'max_alert_age': {
'value': '',
'description' : '''
-Purge any alerts whose age based on it's last seen date exceeds this threshold.
+Purge any alerts whose age based on its last seen date exceeds this threshold.
Age may be specified as a sequence of integer unit pairs. Units may be one of
year,month,week,day,hour,minute,second and may optionally be plural.
Example: '2 weeks 1 day' sets the threshold at 15 days.
diff --git a/framework/src/sealert b/framework/src/sealert
index bae0c81..2663a21 100755
--- a/framework/src/sealert
+++ b/framework/src/sealert
@@ -598,7 +598,7 @@ if __name__ == '__main__':
parser.add_option("-l", "--lookupid", dest="lookupid", default=False,
help="Lookup alert by id, id may be wildcard * to lookup all alerts")
parser.add_option("-a", "--analyze", dest="analyze", default=False,
- help="Scan a log file, analyze it's AVC's", metavar="FILE")
+ help="Scan a log file, analyze its AVCs", metavar="FILE")
parser.add_option("-u", "--user", dest="user", default=False,
help="logon user name")
parser.add_option("-p", "--password", dest="password", default=False,
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
index aef0346..771ea15 100755
--- a/framework/src/setroubleshoot/server.py
+++ b/framework/src/setroubleshoot/server.py
@@ -764,7 +764,7 @@ def RunFaultServer(timeout=10):
try:
# FIXME: should this be using our logging objects in log.py?
# currently syslog is only used for putting an alert into
- # the syslog with it's id
+ # the syslog with its id
global pkg_name
syslog.openlog(pkg_name)
--
2.30.2

30
SOURCES/0003-framework-sealert-exit-on-any-connection-close.patch
View File

@ -1,30 +0,0 @@
From b11bdcda95af7760befcc61384d5623ba30fd749 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Tue, 2 Feb 2021 13:18:49 +0100
Subject: [PATCH] framework/sealert: exit on any connection close
SECommandLine is only connecting to setroubleshootd for a short time.
Therefore any connection close from "server" side should be treated as
error.
This prevents "sealert" from hanging when setroubleshootd crashes.
---
src/sealert | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/framework/src/sealert b/framework/src/sealert
index 7839367..bae0c81 100755
--- a/framework/src/sealert
+++ b/framework/src/sealert
@@ -488,7 +488,7 @@ class SECommandLine(object):
def on_connection_state_change(self, connection, connection_state, flags, flags_added, flags_removed):
log_debug("%s.on_connection_state_change: connection_state=%s flags_added=%s flags_removed=%s address=%s" % (self.__class__.__name__, connection_state, connection_state.flags_to_string(flags_added), connection_state.flags_to_string(flags_removed), connection.socket_address))
- if flags_added & ConnectionState.ERROR:
+ if (flags_added & (ConnectionState.ERROR | ConnectionState.HUP)) or (flags_removed & ConnectionState.OPEN):
errno, strerror = connection_state.get_result()
print("failed to connect to server: %s" % (strerror), file=sys.stderr)
sys.exit(1)
--
2.30.2

174
SOURCES/0004-Revert-Replace-pydbus-with-dasbus.patch Normal file
View File

@ -0,0 +1,174 @@
From e0cf9f2e50e8da856ffd511cbbab7ee36a31bb74 Mon Sep 17 00:00:00 2001
From: Vit Mojzis <vmojzis@redhat.com>
Date: Fri, 10 Dec 2021 15:04:21 +0100
Subject: [PATCH] Revert "Replace pydbus with dasbus"
dasbus is not available in rhel8.
This reverts commit 5290ca0ee06d69102bf2b756e2decc0f8c5b770f.
---
configure.ac | 6 +++---
src/SetroubleshootPrivileged.py | 32 ++++++++++++++------------------
src/seapplet | 21 +++++++++++++--------
src/setroubleshoot/util.py | 9 +++------
4 files changed, 33 insertions(+), 35 deletions(-)
diff --git a/framework/configure.ac b/framework/configure.ac
index d1d0176..e3b7b5a 100644
--- a/framework/configure.ac
+++ b/framework/configure.ac
@@ -65,13 +65,13 @@ else
$python_module_result])
fi
-AC_MSG_CHECKING([for the dasbus python3 module])
-python_module_result=`$PYTHON -c "import dasbus" 2>&1`
+AC_MSG_CHECKING([for the pydbus python3 module])
+python_module_result=`$PYTHON -c "import pydbus" 2>&1`
if test -z "$python_module_result"; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
- AC_MSG_ERROR([cannot import Python3 module dasbus.
+ AC_MSG_ERROR([cannot import Python3 module pydbus.
Please check your Python3 installation. The error was:
$python_module_result])
fi
diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
index d2a9ea4..899e687 100644
--- a/framework/src/SetroubleshootPrivileged.py
+++ b/framework/src/SetroubleshootPrivileged.py
@@ -19,23 +19,23 @@
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
from gi.repository import GLib
-from dasbus.connection import SystemMessageBus
+from pydbus import SystemBus
import setroubleshoot.util
import signal
loop = GLib.MainLoop()
class Privileged(object):
- __dbus_xml__ = """
- <node>
- <interface name='org.fedoraproject.SetroubleshootPrivileged'>
- <method name='get_rpm_nvr_by_scontext'>
- <arg type='s' name='scontext' direction='in'/>
- <arg type='s' name='rpmnvr' direction='out'/>
- </method>
- <method name='finish'/>
- </interface>
- </node>
+ """
+ <node>
+ <interface name='org.fedoraproject.SetroubleshootPrivileged'>
+ <method name='get_rpm_nvr_by_scontext'>
+ <arg type='s' name='scontext' direction='in'/>
+ <arg type='s' name='rpmnvr' direction='out'/>
+ </method>
+ <method name='finish'/>
+ </interface>
+ </node>
"""
def __init__(self, timeout=10):
@@ -58,10 +58,6 @@ class Privileged(object):
loop.quit()
if __name__ == "__main__":
- bus = SystemMessageBus()
- try:
- bus.publish_object("/org/fedoraproject/SetroubleshootPrivileged", Privileged())
- bus.register_service("org.fedoraproject.SetroubleshootPrivileged")
- loop.run()
- finally:
- bus.disconnect()
+ bus = SystemBus()
+ bus.publish("org.fedoraproject.SetroubleshootPrivileged", Privileged())
+ loop.run()
diff --git a/framework/src/seapplet b/framework/src/seapplet
index b5f65d1..79b5ef2 100644
--- a/framework/src/seapplet
+++ b/framework/src/seapplet
@@ -26,7 +26,7 @@ from gi.repository import Gtk
gi.require_version('Notify', '0.7')
from gi.repository import Notify
-from dasbus.connection import SystemMessageBus
+from pydbus import SystemBus
import selinux
import sys
@@ -52,14 +52,13 @@ class SEApplet(GObject.Object):
def __init__(self):
- bus = SystemMessageBus()
- Setroubleshootd = bus.get_proxy(
- 'org.fedoraproject.Setroubleshootd',
- '/org/fedoraproject/Setroubleshootd'
+ bus = SystemBus()
+ self.bus_signal = bus.subscribe(
+ iface='org.fedoraproject.SetroubleshootdIface',
+ signal='alert',
+ signal_fired=self.send_notification
)
- Setroubleshootd.alert.connect(self.send_notification)
-
super(SEApplet, self).__init__()
Notify.init("seapplet")
# lets initialise with the application name
@@ -81,6 +80,11 @@ class SEApplet(GObject.Object):
except:
pass
+ Setroubleshootd = bus.get(
+ 'org.fedoraproject.Setroubleshootd',
+ '/org/fedoraproject/Setroubleshootd'
+ )
+
(count, red) = Setroubleshootd.check_for_new(last_id)
if count > 0:
@@ -115,7 +119,8 @@ class SEApplet(GObject.Object):
launcher.launch(None, context)
self.status_icon.set_visible(False)
- def send_notification(self, *params):
+ def send_notification(self, sender, dobject, iface, signal, params):
+
status_icon = self.__init_status_icon()
status_icon.set_visible(True)
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
index 02c4f75..657c882 100755
--- a/framework/src/setroubleshoot/util.py
+++ b/framework/src/setroubleshoot/util.py
@@ -69,7 +69,7 @@ __all__ = [
import bz2
import six
import datetime
-from dasbus.connection import SystemMessageBus
+from pydbus import SystemBus
import glob
from gi.repository import GObject
import os
@@ -522,11 +522,8 @@ Finds an SELinux module which defines given SELinux context
"""
if use_dbus:
- bus = SystemMessageBus()
- remote_object = bus.get_proxy(
- "org.fedoraproject.SetroubleshootPrivileged",
- "/org/fedoraproject/SetroubleshootPrivileged"
- )
+ bus = SystemBus()
+ remote_object = bus.get("org.fedoraproject.SetroubleshootPrivileged")
return str(remote_object.get_rpm_nvr_by_scontext(str(scontext)))
else:
context = selinux.context_new(str(scontext))
--
2.30.2

65827
SOURCES/0004-Update-translations.patch
View File

File diff suppressed because it is too large Load Diff

40
SOURCES/0005-Improve-after_first-email-filter-behavior.patch Normal file
View File

@ -0,0 +1,40 @@
From 73d60acf9d4d7ae740d450f9c9a9566dac1c3111 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Thu, 3 Feb 2022 18:14:05 +0100
Subject: [PATCH] Improve after_first email filter behavior
after_first used to send 2 emails before it started to filter. The
problem was in the email users were not saved into database when a new
signature was created.
Also we need to skip email users when we evaluated whether send a
desktop notification or not.
---
src/setroubleshoot/server.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
index 771ea15..10ef215 100755
--- a/framework/src/setroubleshoot/server.py
+++ b/framework/src/setroubleshoot/server.py
@@ -220,6 +220,7 @@ class AlertPluginReportReceiver(PluginReportReceiver):
if len(to_addrs):
from setroubleshoot.email_alert import email_alert
email_alert(siginfo, to_addrs)
+ self.database.mark_modified()
log_debug("sending alert to all clients")
@@ -234,6 +235,9 @@ class AlertPluginReportReceiver(PluginReportReceiver):
systemd.journal.send(siginfo.format_text(), OBJECT_PID=pid, SYSLOG_IDENTIFIER=pkg_name)
for u in siginfo.users:
+ if u.username[0:6] == "email:":
+ # skip email users - they were evaluated before
+ continue
action = siginfo.evaluate_filter_for_user(u.username)
if action == "ignore":
return siginfo
--
2.30.2

39843
SOURCES/0006-Update-translations.patch Normal file
View File

File diff suppressed because it is too large Load Diff

38
SPECS/setroubleshoot.spec
View File

@ -1,25 +1,28 @@
Summary: Helps troubleshoot SELinux problems
Name: setroubleshoot
Version: 3.3.24
Release: 4%{?dist}
Version: 3.3.26
Release: 3%{?dist}
License: GPLv2+
URL: https://gitlab.com/setroubleshoot/framework
Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
Source1: %{name}.tmpfiles
# git format-patch --src-prefix=a/framework/ --dst-prefix=b/framework/ -N setroubleshoot-3.3.24 -- framework
# git format-patch --src-prefix=a/framework/ --dst-prefix=b/framework/ -N setroubleshoot-3.3.26 -- . ':!doc/developers_guide.wiki' ':!test/README.testing'
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
Patch0001: 0001-framework-Update-translations.patch
Patch0002: 0002-framework-util-optimize-get_rpm_nvr_by_type-by-addin.patch
Patch0003: 0003-framework-sealert-exit-on-any-connection-close.patch
Patch0004: 0004-Update-translations.patch
Patch0001: 0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch
Patch0002: 0002-Do-not-use-Python-slip-package.patch
Patch0003: 0003-Fix-typos-in-help-man-pages-and-developer-s-guide.patch
Patch0004: 0004-Revert-Replace-pydbus-with-dasbus.patch
Patch0005: 0005-Improve-after_first-email-filter-behavior.patch
Patch0006: 0006-Update-translations.patch
BuildRequires: gcc
BuildRequires: make
BuildRequires: libcap-ng-devel
BuildRequires: intltool gettext python3 python3-devel
BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel audit-libs-devel libselinux-devel polkit-devel
BuildRequires: python3-libselinux python3-pydbus python3-gobject gtk3-devel
Requires: %{name}-server = %{version}-%{release}
Requires: gtk3, libnotify
Requires: libreport-gtk >= 2.2.1-2, libreport-python3
Requires: libreport-gtk >= 2.2.1-2, python3-libreport
Requires: python3-gobject, python3-pydbus
Requires(post): desktop-file-utils
Requires(post): dbus
@ -105,7 +108,7 @@ Requires: libselinux-python3 >= 2.1.5-1
Requires: policycoreutils-python-utils
BuildRequires: intltool gettext python3
BuildRequires: python3-devel
Requires: python3-slip-dbus systemd-python3 >= 206-1
Requires: systemd-python3 >= 206-1
Requires: python3-gobject >= 3.11
Requires: dbus
Requires: python3-dbus python3-pydbus
@ -200,6 +203,22 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
%changelog
* Fri Feb 25 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-3
- Update translations (#2017299)
* Fri Feb 11 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-2
- Improve after_first email filter behavior (#2050734)
* Fri Dec 10 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-1
- Revert "Replace pydbus with dasbus"
- Fix typos in --help, man pages and developer's guide (#2028226)
- Do not use Python slip package
- Stop SetroubleshootFixit after 10 seconds of inactivity
- Fix plugin exception reporting
- export alert dbus signal
- Make sure local_policy_package is not None
- sealert: add "Last Seen" column to alert list
* Mon Sep 27 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
- Update translations (#1962030)
@ -1953,4 +1972,3 @@ it has already been seen
* Fri May 19 2006 John Dennis <jdennis@redhat.com> - 0.1-1
- Initial build.