import setroubleshoot-3.3.26-3.el8

2022-05-10 03:09:42 -04:00 · 2022-05-10 03:09:42 -04:00 · e62c1d38fe
commit e62c1d38fe
parent 25834aeb60
13 changed files with 40317 additions and 74868 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1 @@
-SOURCES/setroubleshoot-3.3.24.tar.gz
+SOURCES/setroubleshoot-3.3.26.tar.gz
--- a/.setroubleshoot.metadata
+++ b/.setroubleshoot.metadata
@ -1 +1 @@
-d0ea80b5f1af32ae7f424e03b3d9f11c23aac1ed SOURCES/setroubleshoot-3.3.24.tar.gz
+dab49dd85f3d8489fef60d2b94c4931cc9c473ea SOURCES/setroubleshoot-3.3.26.tar.gz
--- a/SOURCES/0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch
+++ b/SOURCES/0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch
@ -0,0 +1,45 @@
 From 78840f4e0bd41d3ba1b3c90b909e6c2cf7ef4ea7 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Wed, 14 Apr 2021 17:03:39 +0200
 Subject: [PATCH] Stop SetroubleshootFixit after 10 seconds of inactivity
 ---
 src/SetroubleshootFixit.py | 9 +++++++++
 1 file changed, 9 insertions(+)
 diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
 index 15c6cab..f7cbf95 100644
 --- a/framework/src/SetroubleshootFixit.py
 +++ b/framework/src/SetroubleshootFixit.py
@@ -7,6 +7,7 @@ from gi.repository import GLib
 import slip.dbus.service
 from slip.dbus import polkit
 import os
 +import signal
 class RunFix(slip.dbus.service.Object):
@@ -14,12 +15,20 @@ class RunFix(slip.dbus.service.Object):
     def __init__(self, *p, **k):
         super(RunFix, self).__init__(*p, **k)
 +        self.timeout = 10
 +        self.alarm(self.timeout)
 +
 +    def alarm(self, timeout=10):
 +        signal.alarm(timeout)
 +
     @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
     def run_fix(self, local_id, analysis_id):
         import subprocess
 +        self.alarm(0)
         command = ["sealert", "-f", local_id, "-P", analysis_id]
         return subprocess.check_output(command, universal_newlines=True)
 +        self.alarm(self.timeout)
 if __name__ == "__main__":
     mainloop = GLib.MainLoop()
 -- 
 2.30.2
--- a/SOURCES/0001-framework-Update-translations.patch
+++ b/SOURCES/0001-framework-Update-translations.patch
--- a/SOURCES/0002-Do-not-use-Python-slip-package.patch
+++ b/SOURCES/0002-Do-not-use-Python-slip-package.patch
@ -0,0 +1,103 @@
 From e9def2b8b0098842d0223d0951f41e2106821a88 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Wed, 14 Apr 2021 17:04:59 +0200
 Subject: [PATCH] Do not use Python slip package
 It's not maintained anymore and it allows us to drop dependency on
 Python slip package
 Use DBUS polkit interface instead -
 https://www.freedesktop.org/software/polkit/docs/latest/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html
 ---
 src/SetroubleshootFixit.py    | 35 +++++++++++++++++++++++++----------
 src/setroubleshoot/browser.py |  3 ---
 2 files changed, 25 insertions(+), 13 deletions(-)
 diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
 index f7cbf95..ab0ad2b 100644
 --- a/framework/src/SetroubleshootFixit.py
 +++ b/framework/src/SetroubleshootFixit.py
@@ -4,13 +4,11 @@ import dbus
 import dbus.service
 import dbus.mainloop.glib
 from gi.repository import GLib
 -import slip.dbus.service
 -from slip.dbus import polkit
 import os
 import signal
 +import subprocess
 -
 -class RunFix(slip.dbus.service.Object):
 +class RunFix(dbus.service.Object):
     default_polkit_auth_required = "org.fedoraproject.setroubleshootfixit.write"
     def __init__(self, *p, **k):
@@ -21,14 +19,32 @@ class RunFix(slip.dbus.service.Object):
     def alarm(self, timeout=10):
         signal.alarm(timeout)
 -
 -    @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
 -    def run_fix(self, local_id, analysis_id):
 -        import subprocess
 +    def is_authorized(self, sender):
 +        bus = dbus.SystemBus()
 +
 +        proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
 +        authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')
 +        subject = ('system-bus-name', {'name' : sender})
 +        action_id = 'org.fedoraproject.setroubleshootfixit.write'
 +        details = {}
 +        flags = 1            # AllowUserInteraction flag
 +        cancellation_id = '' # No cancellation id
 +        result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)
 +        return result[0]
 +
 +    @dbus.service.method("org.fedoraproject.SetroubleshootFixit", sender_keyword="sender", in_signature='ss', out_signature='s')
 +    def run_fix(self, local_id, analysis_id, sender):
         self.alarm(0)
         command = ["sealert", "-f", local_id, "-P", analysis_id]
 -        return subprocess.check_output(command, universal_newlines=True)
 +
 +        if self.is_authorized(sender):
 +            result = subprocess.check_output(command, universal_newlines=True)
 +        else:
 +            result = "Authorization failed"
 +
         self.alarm(self.timeout)
 +        return result
 +
 if __name__ == "__main__":
     mainloop = GLib.MainLoop()
@@ -36,5 +52,4 @@ if __name__ == "__main__":
     system_bus = dbus.SystemBus()
     name = dbus.service.BusName("org.fedoraproject.SetroubleshootFixit", system_bus)
     object = RunFix(system_bus, "/org/fedoraproject/SetroubleshootFixit/object")
 -    slip.dbus.service.set_mainloop(mainloop)
     mainloop.run()
 diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
 index 2d37bb4..3203f75 100644
 --- a/framework/src/setroubleshoot/browser.py
 +++ b/framework/src/setroubleshoot/browser.py
@@ -65,8 +65,6 @@ from setroubleshoot.util import *
 from setroubleshoot.html_util import html_to_text
 import re
 import dbus
 -import slip.dbus.service
 -from slip.dbus import polkit
 import report
 import report.io
 import report.io.GTKIO
@@ -933,7 +931,6 @@ class DBusProxy (object):
         self.bus = dbus.SystemBus()
         self.dbus_object = self.bus.get_object("org.fedoraproject.SetroubleshootFixit", "/org/fedoraproject/SetroubleshootFixit/object")
 -    @polkit.enable_proxy
     def run_fix(self, local_id, plugin_name):
         return self.dbus_object.run_fix(local_id, plugin_name, dbus_interface="org.fedoraproject.SetroubleshootFixit")
 -- 
 2.30.2
--- a/SOURCES/0002-framework-util-optimize-get_rpm_nvr_by_type-by-addin.patch
+++ b/SOURCES/0002-framework-util-optimize-get_rpm_nvr_by_type-by-addin.patch
@ -1,153 +0,0 @@
 From 9175db2fa9dda8ca712a8f13b6218e3e7e0036cc Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Wed, 13 Jan 2021 12:43:54 +0100
 Subject: [PATCH] framework/util: optimize get_rpm_nvr_by_type by adding a
 cache
 The cache build could be optimized by assuming that all modules with
 priority 100 are part of selinux-policy-<policytype> package. This way
 the cache would only have to contain types from modules of other
 priorities.
 Another optimization would be making the cache persistent. This way it
 would only have to be rebuild on policy reload (sedispatch could trigger
 cache rebuild over dbus).
 My testing shows significant time save when processing multiple AVCs:
 setroubleshoot-server-3.3.24-1.el8:
 real	2m26.075s
 user	2m17.989s
 sys	0m5.916s
 Cache:
 real	0m15.337s
 user	0m11.004s
 sys	0m3.995s
 But curiously, there is also a small time save for individual AVCs
 (measured by forcing the cache rebuild for each call of
 get_rpm_nvr_by_type):
 real	1m40.393s
 user	1m32.830s
 sys	0m5.960s
 It could be caused by processing policy modules by lines, which quickly
 eliminates all lines not starting by "(type " (as opposed to comparing
 the regular expression with the whole file).
 ---
 src/setroubleshoot/util.py | 86 ++++++++++++++++++++++++++++----------
 1 file changed, 65 insertions(+), 21 deletions(-)
 diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
 index 023d1c4..657c882 100755
 --- a/framework/src/setroubleshoot/util.py
 +++ b/framework/src/setroubleshoot/util.py
@@ -114,6 +114,12 @@ hex_re = re.compile('^[A-Fa-f0-9]+$')
 href_re = re.compile(r'<a\s*href="([^"]+)"[^<]*</a>')
 name_at_domain_re = re.compile(r'^([^\s@]+)@([^\s@]+)$')
 audit_decode_re = re.compile(r'^\s*"([^"]+)"\s*$')
 +# regexp matching lines containing type definitions, eg. (type lib_t)
 +# contains only 1 group that matches the type name
 +typedef_regexp = re.compile(r"\s*\(\s*type\s+([\w-]+)\s*\)\s*")
 +#Dictionary with all types defined in the module store as keys
 +#and corresponding module paths as values. Used by get_package_nvr_by_name
 +module_type_cache = None
 log_level = syslog.LOG_WARNING
@@ -425,33 +431,71 @@ Finds an SELinux module which defines given SELinux type
 'mysql-selinux-...
     """
 +
 +    if module_type_cache is None:
 +        build_module_type_cache()
 +        if module_type_cache is None:
 +            return None
 +
 +    path = module_type_cache.get(selinux_type, None)
 +
 +    return get_package_nvr_by_file_path(path)
 +
 +# check if given string represents an integer
 +def __str_is_int(str):
 +    try:
 +        int(str)
 +        return True
 +    except:
 +        return False
 +
 +def build_module_type_cache():
 +    """
 +Creates a dictionary with all types defined in the module store as keys
 +and corresponding module paths as values.
 +The dictionary is stored in "module_type_cache" to be used by
 +"get_rpm_nvr_by_type"
 +    """
     retval, policytype = selinux.selinux_getpolicytype()
 +
     if retval != 0:
 -        return None
 -    typedef = "(type {})\n".format(selinux_type)
 -    modules = []
 -    for (dirpath, dirnames, filenames) in os.walk("/var/lib/selinux/{}/active/modules".format(policytype)):
 -        if "cil" in filenames:
 -            try:
 -                defined = False
 +        return
 +
 +    module_type_dict = dict()
 +
 +    priorities = []
 +
 +    # get list of module priorities, present in the module store, sorted by integer value
 +    with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
 +        priorities = sorted([x.name for x in module_store if x.is_dir() and __str_is_int(x.name)], key = lambda x: int(x))
 +
 +    for dir in priorities:
 +        # find individual modules in each priority and identify type definitions
 +        for (dirpath, dirnames, filenames) in os.walk("/var/lib/selinux/{}/active/modules/{}".format(policytype,dir)):
 +            if "cil" in filenames:
                 try:
 -                    # cil files are bzip2'ed by default
 -                    defined = typedef.encode() in bz2.open("{}/cil".format(dirpath))
 -                except:
 -                    # maybe cil file is not bzip2'ed, try plain text
 -                    defined = typedef in open("{}/cil".format(dirpath))
 +                    try:
 +                        # cil files are bzip2'ed by default
 +                        f = bz2.open("{}/cil".format(dirpath), mode = 'rt')
 -                if defined:
 -                    modules.append(dirpath)
 -            except:
 -                # something's wrong, move on
 -                # FIXME: log a problem?
 -                pass
 +                    except:
 +                        # maybe cil file is not bzip2'ed, try plain text
 +                        f = open("{}/cil".format(dirpath))
 -    if len(modules) > 0:
 -        return get_package_nvr_by_file_path(sorted(modules)[-1])
 +                    for line in f:
 +                        result = typedef_regexp.match(line)
 +                        if result:
 +                            module_type_dict[result.group(1)] = dirpath
 -    return None
 +                    f.close()
 +
 +                except:
 +                    # something's wrong, move on
 +                    # FIXME: log a problem?
 +                    pass
 +
 +    global module_type_cache
 +    module_type_cache = module_type_dict
 def get_rpm_nvr_by_scontext(scontext, use_dbus=False):
     """
 -- 
 2.30.2
--- a/SOURCES/0003-Fix-typos-in-help-man-pages-and-developer-s-guide.patch
+++ b/SOURCES/0003-Fix-typos-in-help-man-pages-and-developer-s-guide.patch
@ -0,0 +1,82 @@
 From f6a21742b2531f5dfd0fa68400848ca4314f972f Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Mon, 6 Dec 2021 12:14:04 +0100
 Subject: [PATCH] Fix typos in --help, man pages and developer's guide
 Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
 ---
 TODO                         | 2 +-
 doc/sealert.8                | 2 +-
 src/config.py.in             | 2 +-
 src/sealert                  | 2 +-
 src/setroubleshoot/server.py | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
 diff --git a/framework/TODO b/framework/TODO
 index 6c2f375..25072ea 100644
 --- a/framework/TODO
 +++ b/framework/TODO
@@ -22,7 +22,7 @@ return plain text (to be used for plaintext email and writing to
 stdout).
 (John) Add log file scanning support (I'm currently working on this).
 -We could use a better parser for AVC's in log file or other "stream",
 +We could use a better parser for AVCs in log file or other "stream",
 should work by accepting data via a feed() method and invoke a
 callback when it finds an AVC returning an AVC class and a range
 (start,end) where it was located (question: should the range be line
 diff --git a/framework/doc/sealert.8 b/framework/doc/sealert.8
 index 89f4dff..d3e81e3 100644
 --- a/framework/doc/sealert.8
 +++ b/framework/doc/sealert.8
@@ -102,7 +102,7 @@ Start sealert without dbus service as stand alone app
 Lookup alert by id, if id is wildcard * then return all alerts
 .TP 
 .B \-a \-\-analyze file   
 -Scan a log file, analyze its AVC's
 +Scan a log file, analyze its AVCs
 .TP 
 .B \-u \-\-user        
 logon as user
 diff --git a/framework/src/config.py.in b/framework/src/config.py.in
 index cbb0542..daf9a68 100644
 --- a/framework/src/config.py.in
 +++ b/framework/src/config.py.in
@@ -184,7 +184,7 @@ the alert's last seen date will be purged first. Zero implies no limit''',
         'max_alert_age': {
             'value': '',
             'description' : '''
 -Purge any alerts whose age based on it's last seen date exceeds this threshold.
 +Purge any alerts whose age based on its last seen date exceeds this threshold.
 Age may be specified as a sequence of integer unit pairs. Units may be one of
 year,month,week,day,hour,minute,second and may optionally be plural.
 Example: '2 weeks 1 day' sets the threshold at 15 days.
 diff --git a/framework/src/sealert b/framework/src/sealert
 index bae0c81..2663a21 100755
 --- a/framework/src/sealert
 +++ b/framework/src/sealert
@@ -598,7 +598,7 @@ if __name__ == '__main__':
         parser.add_option("-l", "--lookupid", dest="lookupid", default=False,
                           help="Lookup alert by id, id may be wildcard * to lookup all alerts")
         parser.add_option("-a", "--analyze", dest="analyze", default=False,
 -                          help="Scan a log file, analyze it's AVC's", metavar="FILE")
 +                          help="Scan a log file, analyze its AVCs", metavar="FILE")
         parser.add_option("-u", "--user", dest="user", default=False,
                           help="logon user name")
         parser.add_option("-p", "--password", dest="password", default=False,
 diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
 index aef0346..771ea15 100755
 --- a/framework/src/setroubleshoot/server.py
 +++ b/framework/src/setroubleshoot/server.py
@@ -764,7 +764,7 @@ def RunFaultServer(timeout=10):
     try:
         # FIXME: should this be using our logging objects in log.py?
         # currently syslog is only used for putting an alert into
 -        # the syslog with it's id
 +        # the syslog with its id
         global pkg_name
         syslog.openlog(pkg_name)
 -- 
 2.30.2
--- a/SOURCES/0003-framework-sealert-exit-on-any-connection-close.patch
+++ b/SOURCES/0003-framework-sealert-exit-on-any-connection-close.patch
@ -1,30 +0,0 @@
 From b11bdcda95af7760befcc61384d5623ba30fd749 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Tue, 2 Feb 2021 13:18:49 +0100
 Subject: [PATCH] framework/sealert: exit on any connection close
 SECommandLine is only connecting to setroubleshootd for a short time.
 Therefore any connection close from "server" side should be treated as
 error.
 This prevents "sealert" from hanging when setroubleshootd crashes.
 ---
 src/sealert | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/framework/src/sealert b/framework/src/sealert
 index 7839367..bae0c81 100755
 --- a/framework/src/sealert
 +++ b/framework/src/sealert
@@ -488,7 +488,7 @@ class SECommandLine(object):
     def on_connection_state_change(self, connection, connection_state, flags, flags_added, flags_removed):
         log_debug("%s.on_connection_state_change: connection_state=%s flags_added=%s flags_removed=%s address=%s" % (self.__class__.__name__, connection_state, connection_state.flags_to_string(flags_added), connection_state.flags_to_string(flags_removed), connection.socket_address))
 -        if flags_added & ConnectionState.ERROR:
 +        if (flags_added & (ConnectionState.ERROR | ConnectionState.HUP)) or (flags_removed & ConnectionState.OPEN):
             errno, strerror = connection_state.get_result()
             print("failed to connect to server: %s" % (strerror), file=sys.stderr)
             sys.exit(1)
 -- 
 2.30.2
--- a/SOURCES/0004-Revert-Replace-pydbus-with-dasbus.patch
+++ b/SOURCES/0004-Revert-Replace-pydbus-with-dasbus.patch
@ -0,0 +1,174 @@
 From e0cf9f2e50e8da856ffd511cbbab7ee36a31bb74 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Fri, 10 Dec 2021 15:04:21 +0100
 Subject: [PATCH] Revert "Replace pydbus with dasbus"
 dasbus is not available in rhel8.
 This reverts commit 5290ca0ee06d69102bf2b756e2decc0f8c5b770f.
 ---
 configure.ac                    |  6 +++---
 src/SetroubleshootPrivileged.py | 32 ++++++++++++++------------------
 src/seapplet                    | 21 +++++++++++++--------
 src/setroubleshoot/util.py      |  9 +++------
 4 files changed, 33 insertions(+), 35 deletions(-)
 diff --git a/framework/configure.ac b/framework/configure.ac
 index d1d0176..e3b7b5a 100644
 --- a/framework/configure.ac
 +++ b/framework/configure.ac
@@ -65,13 +65,13 @@ else
                    $python_module_result])
 fi
 -AC_MSG_CHECKING([for the dasbus python3 module])
 -python_module_result=`$PYTHON -c "import dasbus" 2>&1`
 +AC_MSG_CHECKING([for the pydbus python3 module])
 +python_module_result=`$PYTHON -c "import pydbus" 2>&1`
 if test -z "$python_module_result"; then
 	AC_MSG_RESULT([yes])
 else
 	AC_MSG_RESULT([no])
 -	AC_MSG_ERROR([cannot import Python3 module dasbus.
 +	AC_MSG_ERROR([cannot import Python3 module pydbus.
                    Please check your Python3 installation. The error was:
                    $python_module_result])
 fi
 diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
 index d2a9ea4..899e687 100644
 --- a/framework/src/SetroubleshootPrivileged.py
 +++ b/framework/src/SetroubleshootPrivileged.py
@@ -19,23 +19,23 @@
 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 from gi.repository import GLib
 -from dasbus.connection import SystemMessageBus
 +from pydbus import SystemBus
 import setroubleshoot.util
 import signal
 loop = GLib.MainLoop()
 class Privileged(object):
 -    __dbus_xml__ = """
 -    <node>
 -        <interface name='org.fedoraproject.SetroubleshootPrivileged'>
 -            <method name='get_rpm_nvr_by_scontext'>
 -                <arg type='s' name='scontext' direction='in'/>
 -                <arg type='s' name='rpmnvr' direction='out'/>
 -            </method>
 -            <method name='finish'/>
 -        </interface>
 -    </node>
 +    """
 +		<node>
 +			<interface name='org.fedoraproject.SetroubleshootPrivileged'>
 +				<method name='get_rpm_nvr_by_scontext'>
 +					<arg type='s' name='scontext' direction='in'/>
 +    				<arg type='s' name='rpmnvr' direction='out'/>
 +				</method>
 +				<method name='finish'/>
 +			</interface>
 +		</node>
     """
     def __init__(self, timeout=10):
@@ -58,10 +58,6 @@ class Privileged(object):
         loop.quit()
 if __name__ == "__main__":
 -    bus = SystemMessageBus()
 -    try:
 -        bus.publish_object("/org/fedoraproject/SetroubleshootPrivileged", Privileged())
 -        bus.register_service("org.fedoraproject.SetroubleshootPrivileged")
 -        loop.run()
 -    finally:
 -        bus.disconnect()
 +    bus = SystemBus()
 +    bus.publish("org.fedoraproject.SetroubleshootPrivileged", Privileged())
 +    loop.run()
 diff --git a/framework/src/seapplet b/framework/src/seapplet
 index b5f65d1..79b5ef2 100644
 --- a/framework/src/seapplet
 +++ b/framework/src/seapplet
@@ -26,7 +26,7 @@ from gi.repository import Gtk
 gi.require_version('Notify', '0.7')
 from gi.repository import Notify
 -from dasbus.connection import SystemMessageBus
 +from pydbus import SystemBus
 import selinux
 import sys
@@ -52,14 +52,13 @@ class SEApplet(GObject.Object):
     def __init__(self):
 -        bus = SystemMessageBus()
 -        Setroubleshootd = bus.get_proxy(
 -            'org.fedoraproject.Setroubleshootd',
 -            '/org/fedoraproject/Setroubleshootd'
 +        bus = SystemBus()
 +        self.bus_signal = bus.subscribe(
 +            iface='org.fedoraproject.SetroubleshootdIface',
 +            signal='alert',
 +            signal_fired=self.send_notification
         )
 -        Setroubleshootd.alert.connect(self.send_notification)
 -
         super(SEApplet, self).__init__()
         Notify.init("seapplet")
         # lets initialise with the application name
@@ -81,6 +80,11 @@ class SEApplet(GObject.Object):
         except:
             pass
 +        Setroubleshootd = bus.get(
 +            'org.fedoraproject.Setroubleshootd',
 +            '/org/fedoraproject/Setroubleshootd'
 +        )
 +
         (count, red) = Setroubleshootd.check_for_new(last_id)
         if count > 0:
@@ -115,7 +119,8 @@ class SEApplet(GObject.Object):
         launcher.launch(None, context)
         self.status_icon.set_visible(False)
 -    def send_notification(self, *params):
 +    def send_notification(self, sender, dobject, iface, signal, params):
 +
         status_icon = self.__init_status_icon()
         status_icon.set_visible(True)
 diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
 index 02c4f75..657c882 100755
 --- a/framework/src/setroubleshoot/util.py
 +++ b/framework/src/setroubleshoot/util.py
@@ -69,7 +69,7 @@ __all__ = [
 import bz2
 import six
 import datetime
 -from dasbus.connection import SystemMessageBus
 +from pydbus import SystemBus
 import glob
 from gi.repository import GObject
 import os
@@ -522,11 +522,8 @@ Finds an SELinux module which defines given SELinux context
     """
     if use_dbus:
 -        bus = SystemMessageBus()
 -        remote_object = bus.get_proxy(
 -            "org.fedoraproject.SetroubleshootPrivileged",
 -            "/org/fedoraproject/SetroubleshootPrivileged"
 -        )
 +        bus = SystemBus()
 +        remote_object = bus.get("org.fedoraproject.SetroubleshootPrivileged")
         return str(remote_object.get_rpm_nvr_by_scontext(str(scontext)))
     else:
         context = selinux.context_new(str(scontext))
 -- 
 2.30.2
--- a/SOURCES/0004-Update-translations.patch
+++ b/SOURCES/0004-Update-translations.patch
--- a/SOURCES/0005-Improve-after_first-email-filter-behavior.patch
+++ b/SOURCES/0005-Improve-after_first-email-filter-behavior.patch
@ -0,0 +1,40 @@
 From 73d60acf9d4d7ae740d450f9c9a9566dac1c3111 Mon Sep 17 00:00:00 2001
 From: Petr Lautrbach <plautrba@redhat.com>
 Date: Thu, 3 Feb 2022 18:14:05 +0100
 Subject: [PATCH] Improve after_first email filter behavior
 after_first used to send 2 emails before it started to filter. The
 problem was in the email users were not saved into database when a new
 signature was created.
 Also we need to skip email users when we evaluated whether send a
 desktop notification or not.
 ---
 src/setroubleshoot/server.py | 4 ++++
 1 file changed, 4 insertions(+)
 diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
 index 771ea15..10ef215 100755
 --- a/framework/src/setroubleshoot/server.py
 +++ b/framework/src/setroubleshoot/server.py
@@ -220,6 +220,7 @@ class AlertPluginReportReceiver(PluginReportReceiver):
             if len(to_addrs):
                 from setroubleshoot.email_alert import email_alert
                 email_alert(siginfo, to_addrs)
 +            self.database.mark_modified()
         log_debug("sending alert to all clients")
@@ -234,6 +235,9 @@ class AlertPluginReportReceiver(PluginReportReceiver):
             systemd.journal.send(siginfo.format_text(), OBJECT_PID=pid, SYSLOG_IDENTIFIER=pkg_name)
         for u in siginfo.users:
 +            if u.username[0:6] == "email:":
 +                # skip email users - they were evaluated before
 +                continue
             action = siginfo.evaluate_filter_for_user(u.username)
             if action == "ignore":
                 return siginfo
 -- 
 2.30.2
--- a/SOURCES/0006-Update-translations.patch
+++ b/SOURCES/0006-Update-translations.patch
--- a/SPECS/setroubleshoot.spec
+++ b/SPECS/setroubleshoot.spec
@ -1,25 +1,28 @@
 Summary: Helps troubleshoot SELinux problems
 Name: setroubleshoot
-Version: 3.3.24
+Version: 3.3.26
-Release: 4%{?dist}
+Release: 3%{?dist}
 License: GPLv2+
 URL: https://gitlab.com/setroubleshoot/framework
 Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
 Source1: %{name}.tmpfiles
-# git format-patch --src-prefix=a/framework/ --dst-prefix=b/framework/ -N setroubleshoot-3.3.24 -- framework
+# git format-patch --src-prefix=a/framework/ --dst-prefix=b/framework/ -N setroubleshoot-3.3.26 -- . ':!doc/developers_guide.wiki' ':!test/README.testing'
 # i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
-Patch0001: 0001-framework-Update-translations.patch
+Patch0001: 0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch
-Patch0002: 0002-framework-util-optimize-get_rpm_nvr_by_type-by-addin.patch
+Patch0002: 0002-Do-not-use-Python-slip-package.patch
-Patch0003: 0003-framework-sealert-exit-on-any-connection-close.patch
+Patch0003: 0003-Fix-typos-in-help-man-pages-and-developer-s-guide.patch
-Patch0004: 0004-Update-translations.patch
+Patch0004: 0004-Revert-Replace-pydbus-with-dasbus.patch
 Patch0005: 0005-Improve-after_first-email-filter-behavior.patch
 Patch0006: 0006-Update-translations.patch
 BuildRequires: gcc
 BuildRequires: make
 BuildRequires: libcap-ng-devel
 BuildRequires: intltool gettext python3 python3-devel
 BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel audit-libs-devel libselinux-devel polkit-devel
 BuildRequires: python3-libselinux python3-pydbus python3-gobject gtk3-devel
 Requires: %{name}-server = %{version}-%{release} 
 Requires: gtk3, libnotify
-Requires: libreport-gtk >= 2.2.1-2, libreport-python3
+Requires: libreport-gtk >= 2.2.1-2, python3-libreport
 Requires: python3-gobject, python3-pydbus
 Requires(post): desktop-file-utils
 Requires(post): dbus
@ -105,7 +108,7 @@ Requires: libselinux-python3  >= 2.1.5-1
 Requires: policycoreutils-python-utils
 BuildRequires: intltool gettext python3
 BuildRequires: python3-devel
-Requires: python3-slip-dbus systemd-python3 >= 206-1
+Requires: systemd-python3 >= 206-1
 Requires: python3-gobject >= 3.11
 Requires: dbus
 Requires: python3-dbus python3-pydbus
@ -200,6 +203,22 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
 %doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
 %changelog
 * Fri Feb 25 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-3
 - Update translations (#2017299)
 * Fri Feb 11 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-2
 - Improve after_first email filter behavior (#2050734)
 * Fri Dec 10 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-1
 - Revert "Replace pydbus with dasbus"
 - Fix typos in --help, man pages and developer's guide (#2028226)
 - Do not use Python slip package
 - Stop SetroubleshootFixit after 10 seconds of inactivity
 - Fix plugin exception reporting
 - export alert dbus signal
 - Make sure local_policy_package is not None
 - sealert: add "Last Seen" column to alert list
 * Mon Sep 27 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
 - Update translations (#1962030)
@ -1953,4 +1972,3 @@ it has already been seen
 * Fri May 19 2006 John Dennis <jdennis@redhat.com> - 0.1-1
 - Initial build.
`@ -1 +1 @@`
	`SOURCES/setroubleshoot-3.3.24.tar.gz`	`SOURCES/setroubleshoot-3.3.26.tar.gz`
`@ -1 +1 @@`
	`d0ea80b5f1af32ae7f424e03b3d9f11c23aac1ed SOURCES/setroubleshoot-3.3.24.tar.gz`	`dab49dd85f3d8489fef60d2b94c4931cc9c473ea SOURCES/setroubleshoot-3.3.26.tar.gz`