- Miscellaneous python and build system changes
- Fix couple of typos
- Drop Python2 support
- Use inspect.signature() instead of instead.getargspec()
- Update translations
A system which uses rpm ostree doesn't install rpms but images which are
pre-created in a build system. There's no guarantee that the build
system has the same uid/gid mapping for setroubleshoot as the local system.
systemd-tmpfiles's 'Z' type recursivelly sets the user and group
ownership on every reboot.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2012943
Previously the alarm was reset only in main DBUS thread and only when a new AVC
appeared. In cases when there were several AVC messages in short time, analyses
could take more than a default timeout and later analyses were not saved to
the database. Now we cancel pending timeouts before analyze_avc() and reset the
timeout back to default when it's done.
Fixes:
$ journalctl | grep 'sealert -l'
setroubleshoot[314039]: SELinux is preventing bash from search access on the directory .local. For complete SELinux messages run: sealert -l ccf3307a-f4ab-4584-87c6-63884daf841a
$ sealert -l ccf3307a-f4ab-4584-87c6-63884daf841a
Error
query_alerts error (1003): id (ccf3307a-f4ab-4584-87c6-63884daf841a) not found
Policy packages to be used in the test are specified using
TEST_PACKAGES variable in the Makefile. Corresponding avc_<package_name>
file has to exist for each such package.
avc_<package_name> files contain AVCs with "scontext" domain defined
in policy module installed by <package_name> RPM. The test verifies that
setroubleshoot is able to properly identify the source package.
- browser: Check return value of Gdk.Screen().get_default()
- Improve and unify error messages
- setroubleshoot.util: Catch exceptions from sepolicy import
- Add dpkg support
- Do not refer to hardcoded selinux-policy rpm in signature
- Make date/time format locale specific
- Improve speed of plugin evaluation
short.log exposes a problem with Plugin Exception in catchall_labels plugin
Covers "'generator' object is not subscriptable" in sealert output:
$ sealert -a ./short.log
100% done'generator' object is not subscriptable
100% done
found 2 alerts in ./short.log
...
- when first grep fails print journal as well
- check for setroubleshoot-server instead of setroubleshoot
- improve grep assert to match "passwd" and "/usr/bin/passwd"
This test should cover cases when setroubleshoot reports "Plugin Exception"
during analyses, see https://bugzilla.redhat.com/show_bug.cgi?id=1784564
Example log with the reported problem:
setroubleshoot[834]: Plugin Exception catchall_labels
setroubleshoot[834]: Plugin Exception file
setroubleshoot[834]: Plugin Exception openvpn