Policy packages to be used in the test are specified using
TEST_PACKAGES variable in the Makefile. Corresponding avc_<package_name>
file has to exist for each such package.
avc_<package_name> files contain AVCs with "scontext" domain defined
in policy module installed by <package_name> RPM. The test verifies that
setroubleshoot is able to properly identify the source package.
- browser: Check return value of Gdk.Screen().get_default()
- Improve and unify error messages
- setroubleshoot.util: Catch exceptions from sepolicy import
- Add dpkg support
- Do not refer to hardcoded selinux-policy rpm in signature
- Make date/time format locale specific
- Improve speed of plugin evaluation
short.log exposes a problem with Plugin Exception in catchall_labels plugin
Covers "'generator' object is not subscriptable" in sealert output:
$ sealert -a ./short.log
100% done'generator' object is not subscriptable
100% done
found 2 alerts in ./short.log
...
- when first grep fails print journal as well
- check for setroubleshoot-server instead of setroubleshoot
- improve grep assert to match "passwd" and "/usr/bin/passwd"
This test should cover cases when setroubleshoot reports "Plugin Exception"
during analyses, see https://bugzilla.redhat.com/show_bug.cgi?id=1784564
Example log with the reported problem:
setroubleshoot[834]: Plugin Exception catchall_labels
setroubleshoot[834]: Plugin Exception file
setroubleshoot[834]: Plugin Exception openvpn
- Update "missing" scripts to automake-1.15
- Add active polling for acquiring policy file
- Fix translation of hex values in AVCs
- require initscripts to ensure that "service" call works properly
- Add man page for seapplet
- setroubleshoot-server: only require gobject-base
When only the server is being installed, there is no need for the
cairo portions of gobject. This change avoids pulling in the X11
stack.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
When setroubleshoot sedispatch is installed, or updated, auditd needs to be
reloaded so that it runs the new installed plugin. Since auditd needs to know
who reloaded him, `systemctl` can't be used. We need to use `service` script.
This fixes the problem when setroubleshoot is installed, but it doesn't collect
AVC denial messages until the machine is rebooted.
/com/redhat/setroubleshootd interface is not used for years therefore we can
drop it.
- Do not show status_icon when there's no alert (#1543758)
- Run seapplet only on SELinux enabled system (#1541631)
- Use context in Gio.AppInfo.launch (#1542156)
None of currently supported distributions need that.
Last one was EL5 which is EOL for a while.
Signed-off-by: Igor Gnatenko <ignatenkobrain@fedoraproject.org>
- Rewrite seapplet to Python3 to use Notify and Gtk 3.0
- Add setroubleshoot-seappletlegacy with legacy seappletlegacy based on Gtk 2
- sealert: Finish dbus communication after error
- Increase the space for suggested solutions in sealert
- Highlight suggestions with the highest confidence
- Remove additional "If " string from plugin messages
- Fix sealert message for process2 (#1507909)
- Do not change if_string[0] to lowercase
- Don't stop when the plugin directory is empty
- Fix missing margins on Troubleshoot window
- Resize all solutions panels horizontally
- Fix missing priority color for proposed solutions
- Do not split If sentences to framework and plugins - requires
setroubleshoot-plugins 3.3.8 at least (rhbz#1210243, rhbz#1322734,
hbz#1115510)
- Set translation domain for Gtk.Builder() object to have strings
correctly translated
- Make labels on GtkButtons translatable
- Handla all exceptions from do_analyze_logfile()
- Fix semi-translated messages
- Update translations
- Do not catch POSIX signals (rhbz#1366004, rhbz#1419245)