Compare commits
No commits in common. "c8" and "c9-beta" have entirely different histories.
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/setroubleshoot-3.3.26.tar.gz
|
SOURCES/setroubleshoot-3.3.32.tar.gz
|
||||||
|
1
.setroubleshoot.metadata
Normal file
1
.setroubleshoot.metadata
Normal file
@ -0,0 +1 @@
|
|||||||
|
6ee4101312b8c2b98ea7d007eccd62918f59c4f3 SOURCES/setroubleshoot-3.3.32.tar.gz
|
@ -1,45 +0,0 @@
|
|||||||
From 78840f4e0bd41d3ba1b3c90b909e6c2cf7ef4ea7 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Wed, 14 Apr 2021 17:03:39 +0200
|
|
||||||
Subject: [PATCH] Stop SetroubleshootFixit after 10 seconds of inactivity
|
|
||||||
|
|
||||||
---
|
|
||||||
src/SetroubleshootFixit.py | 9 +++++++++
|
|
||||||
1 file changed, 9 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
|
|
||||||
index 15c6cab..f7cbf95 100644
|
|
||||||
--- a/framework/src/SetroubleshootFixit.py
|
|
||||||
+++ b/framework/src/SetroubleshootFixit.py
|
|
||||||
@@ -7,6 +7,7 @@ from gi.repository import GLib
|
|
||||||
import slip.dbus.service
|
|
||||||
from slip.dbus import polkit
|
|
||||||
import os
|
|
||||||
+import signal
|
|
||||||
|
|
||||||
|
|
||||||
class RunFix(slip.dbus.service.Object):
|
|
||||||
@@ -14,12 +15,20 @@ class RunFix(slip.dbus.service.Object):
|
|
||||||
|
|
||||||
def __init__(self, *p, **k):
|
|
||||||
super(RunFix, self).__init__(*p, **k)
|
|
||||||
+ self.timeout = 10
|
|
||||||
+ self.alarm(self.timeout)
|
|
||||||
+
|
|
||||||
+ def alarm(self, timeout=10):
|
|
||||||
+ signal.alarm(timeout)
|
|
||||||
+
|
|
||||||
|
|
||||||
@dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
|
|
||||||
def run_fix(self, local_id, analysis_id):
|
|
||||||
import subprocess
|
|
||||||
+ self.alarm(0)
|
|
||||||
command = ["sealert", "-f", local_id, "-P", analysis_id]
|
|
||||||
return subprocess.check_output(command, universal_newlines=True)
|
|
||||||
+ self.alarm(self.timeout)
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
mainloop = GLib.MainLoop()
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -0,0 +1,71 @@
|
|||||||
|
From 2f9e575333af7c7798956f211c29a46a338155e5 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Mon, 24 Jul 2023 17:33:17 +0200
|
||||||
|
Subject: [PATCH] 'imp' module is deprecated in favor of 'importlib'
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224393
|
||||||
|
---
|
||||||
|
src/setroubleshoot/util.py | 26 ++++++++------------------
|
||||||
|
1 file changed, 8 insertions(+), 18 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/setroubleshoot/util.py b/src/setroubleshoot/util.py
|
||||||
|
index 0e02f12de682..828a598ef1c2 100755
|
||||||
|
--- a/src/setroubleshoot/util.py
|
||||||
|
+++ b/src/setroubleshoot/util.py
|
||||||
|
@@ -73,6 +73,7 @@ import datetime
|
||||||
|
from dasbus.connection import SystemMessageBus
|
||||||
|
import glob
|
||||||
|
from gi.repository import GObject
|
||||||
|
+import importlib
|
||||||
|
import os
|
||||||
|
import pwd
|
||||||
|
import re
|
||||||
|
@@ -771,37 +772,26 @@ def load_plugins(filter_glob=None):
|
||||||
|
|
||||||
|
# load the parent (e.g. the package containing the submodules), required for python 2.5 and above
|
||||||
|
module_name = plugin_base
|
||||||
|
- plugin_name = '__init__'
|
||||||
|
if module_name not in sys.modules:
|
||||||
|
try:
|
||||||
|
- import imp
|
||||||
|
- mod_fp, mod_path, mod_description = imp.find_module(plugin_name, [plugin_dir])
|
||||||
|
- mod = imp.load_module(module_name, mod_fp, mod_path, mod_description)
|
||||||
|
+ mod_spec = importlib.util.spec_from_file_location(plugin_base, plugin_dir + "/__init__.py")
|
||||||
|
+ mod = importlib.util.module_from_spec(mod_spec)
|
||||||
|
+ mod_spec.loader.exec_module(mod)
|
||||||
|
except Exception as e:
|
||||||
|
syslog.syslog(syslog.LOG_ERR, "failed to initialize plugins in %s: %s" % (plugin_dir, str(e)))
|
||||||
|
return []
|
||||||
|
|
||||||
|
- if mod_fp:
|
||||||
|
- mod_fp.close()
|
||||||
|
-
|
||||||
|
for plugin_name in plugin_names:
|
||||||
|
module_name = "%s.%s" % (plugin_base, plugin_name)
|
||||||
|
- mod = sys.modules.get(module_name)
|
||||||
|
- if mod is not None:
|
||||||
|
- log_debug("load_plugins() %s previously imported" % module_name)
|
||||||
|
- plugins.append(mod.plugin())
|
||||||
|
- continue
|
||||||
|
+
|
||||||
|
try:
|
||||||
|
- import imp
|
||||||
|
- mod_fp, mod_path, mod_description = imp.find_module(plugin_name, [plugin_dir])
|
||||||
|
- mod = imp.load_module(module_name, mod_fp, mod_path, mod_description)
|
||||||
|
+ mod_spec = importlib.util.spec_from_file_location(module_name, plugin_dir + "/" + plugin_name + ".py")
|
||||||
|
+ mod = importlib.util.module_from_spec(mod_spec)
|
||||||
|
+ mod_spec.loader.exec_module(mod)
|
||||||
|
plugins.append(mod.plugin())
|
||||||
|
except Exception as e:
|
||||||
|
syslog.syslog(syslog.LOG_ERR, "failed to load %s plugin: %s" % (plugin_name, str(e)))
|
||||||
|
|
||||||
|
- if mod_fp:
|
||||||
|
- mod_fp.close()
|
||||||
|
-
|
||||||
|
plugins.sort(key=cmp_to_key(sort_plugins))
|
||||||
|
return plugins
|
||||||
|
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
29
SOURCES/0002-Always-reset-pending-alarms-when-alarm-0.patch
Normal file
29
SOURCES/0002-Always-reset-pending-alarms-when-alarm-0.patch
Normal file
@ -0,0 +1,29 @@
|
|||||||
|
From 659f10a0ab422251f4d6857fb34ddf1c25b21b37 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Wed, 3 May 2023 09:35:28 +0200
|
||||||
|
Subject: [PATCH] Always reset pending alarms when alarm(0)
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2112573
|
||||||
|
|
||||||
|
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
---
|
||||||
|
src/setroubleshoot/server.py | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/setroubleshoot/server.py b/src/setroubleshoot/server.py
|
||||||
|
index fd89a5448912..2b1b0b1c30d0 100755
|
||||||
|
--- a/src/setroubleshoot/server.py
|
||||||
|
+++ b/src/setroubleshoot/server.py
|
||||||
|
@@ -703,7 +703,7 @@ Deletes an alert from the database.
|
||||||
|
return ""
|
||||||
|
|
||||||
|
def alarm(self, timeout=10):
|
||||||
|
- if self.conn_ctr == 0:
|
||||||
|
+ if self.conn_ctr == 0 or timeout == 0:
|
||||||
|
signal.alarm(timeout)
|
||||||
|
|
||||||
|
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -1,103 +0,0 @@
|
|||||||
From e9def2b8b0098842d0223d0951f41e2106821a88 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Wed, 14 Apr 2021 17:04:59 +0200
|
|
||||||
Subject: [PATCH] Do not use Python slip package
|
|
||||||
|
|
||||||
It's not maintained anymore and it allows us to drop dependency on
|
|
||||||
Python slip package
|
|
||||||
|
|
||||||
Use DBUS polkit interface instead -
|
|
||||||
https://www.freedesktop.org/software/polkit/docs/latest/eggdbus-interface-org.freedesktop.PolicyKit1.Authority.html
|
|
||||||
---
|
|
||||||
src/SetroubleshootFixit.py | 35 +++++++++++++++++++++++++----------
|
|
||||||
src/setroubleshoot/browser.py | 3 ---
|
|
||||||
2 files changed, 25 insertions(+), 13 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/framework/src/SetroubleshootFixit.py b/framework/src/SetroubleshootFixit.py
|
|
||||||
index f7cbf95..ab0ad2b 100644
|
|
||||||
--- a/framework/src/SetroubleshootFixit.py
|
|
||||||
+++ b/framework/src/SetroubleshootFixit.py
|
|
||||||
@@ -4,13 +4,11 @@ import dbus
|
|
||||||
import dbus.service
|
|
||||||
import dbus.mainloop.glib
|
|
||||||
from gi.repository import GLib
|
|
||||||
-import slip.dbus.service
|
|
||||||
-from slip.dbus import polkit
|
|
||||||
import os
|
|
||||||
import signal
|
|
||||||
+import subprocess
|
|
||||||
|
|
||||||
-
|
|
||||||
-class RunFix(slip.dbus.service.Object):
|
|
||||||
+class RunFix(dbus.service.Object):
|
|
||||||
default_polkit_auth_required = "org.fedoraproject.setroubleshootfixit.write"
|
|
||||||
|
|
||||||
def __init__(self, *p, **k):
|
|
||||||
@@ -21,14 +19,32 @@ class RunFix(slip.dbus.service.Object):
|
|
||||||
def alarm(self, timeout=10):
|
|
||||||
signal.alarm(timeout)
|
|
||||||
|
|
||||||
-
|
|
||||||
- @dbus.service.method("org.fedoraproject.SetroubleshootFixit", in_signature='ss', out_signature='s')
|
|
||||||
- def run_fix(self, local_id, analysis_id):
|
|
||||||
- import subprocess
|
|
||||||
+ def is_authorized(self, sender):
|
|
||||||
+ bus = dbus.SystemBus()
|
|
||||||
+
|
|
||||||
+ proxy = bus.get_object('org.freedesktop.PolicyKit1', '/org/freedesktop/PolicyKit1/Authority')
|
|
||||||
+ authority = dbus.Interface(proxy, dbus_interface='org.freedesktop.PolicyKit1.Authority')
|
|
||||||
+ subject = ('system-bus-name', {'name' : sender})
|
|
||||||
+ action_id = 'org.fedoraproject.setroubleshootfixit.write'
|
|
||||||
+ details = {}
|
|
||||||
+ flags = 1 # AllowUserInteraction flag
|
|
||||||
+ cancellation_id = '' # No cancellation id
|
|
||||||
+ result = authority.CheckAuthorization(subject, action_id, details, flags, cancellation_id)
|
|
||||||
+ return result[0]
|
|
||||||
+
|
|
||||||
+ @dbus.service.method("org.fedoraproject.SetroubleshootFixit", sender_keyword="sender", in_signature='ss', out_signature='s')
|
|
||||||
+ def run_fix(self, local_id, analysis_id, sender):
|
|
||||||
self.alarm(0)
|
|
||||||
command = ["sealert", "-f", local_id, "-P", analysis_id]
|
|
||||||
- return subprocess.check_output(command, universal_newlines=True)
|
|
||||||
+
|
|
||||||
+ if self.is_authorized(sender):
|
|
||||||
+ result = subprocess.check_output(command, universal_newlines=True)
|
|
||||||
+ else:
|
|
||||||
+ result = "Authorization failed"
|
|
||||||
+
|
|
||||||
self.alarm(self.timeout)
|
|
||||||
+ return result
|
|
||||||
+
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
mainloop = GLib.MainLoop()
|
|
||||||
@@ -36,5 +52,4 @@ if __name__ == "__main__":
|
|
||||||
system_bus = dbus.SystemBus()
|
|
||||||
name = dbus.service.BusName("org.fedoraproject.SetroubleshootFixit", system_bus)
|
|
||||||
object = RunFix(system_bus, "/org/fedoraproject/SetroubleshootFixit/object")
|
|
||||||
- slip.dbus.service.set_mainloop(mainloop)
|
|
||||||
mainloop.run()
|
|
||||||
diff --git a/framework/src/setroubleshoot/browser.py b/framework/src/setroubleshoot/browser.py
|
|
||||||
index 2d37bb4..3203f75 100644
|
|
||||||
--- a/framework/src/setroubleshoot/browser.py
|
|
||||||
+++ b/framework/src/setroubleshoot/browser.py
|
|
||||||
@@ -65,8 +65,6 @@ from setroubleshoot.util import *
|
|
||||||
from setroubleshoot.html_util import html_to_text
|
|
||||||
import re
|
|
||||||
import dbus
|
|
||||||
-import slip.dbus.service
|
|
||||||
-from slip.dbus import polkit
|
|
||||||
import report
|
|
||||||
import report.io
|
|
||||||
import report.io.GTKIO
|
|
||||||
@@ -933,7 +931,6 @@ class DBusProxy (object):
|
|
||||||
self.bus = dbus.SystemBus()
|
|
||||||
self.dbus_object = self.bus.get_object("org.fedoraproject.SetroubleshootFixit", "/org/fedoraproject/SetroubleshootFixit/object")
|
|
||||||
|
|
||||||
- @polkit.enable_proxy
|
|
||||||
def run_fix(self, local_id, plugin_name):
|
|
||||||
return self.dbus_object.run_fix(local_id, plugin_name, dbus_interface="org.fedoraproject.SetroubleshootFixit")
|
|
||||||
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -1,82 +0,0 @@
|
|||||||
From f6a21742b2531f5dfd0fa68400848ca4314f972f Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Mon, 6 Dec 2021 12:14:04 +0100
|
|
||||||
Subject: [PATCH] Fix typos in --help, man pages and developer's guide
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
TODO | 2 +-
|
|
||||||
doc/sealert.8 | 2 +-
|
|
||||||
src/config.py.in | 2 +-
|
|
||||||
src/sealert | 2 +-
|
|
||||||
src/setroubleshoot/server.py | 2 +-
|
|
||||||
5 files changed, 5 insertions(+), 5 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/framework/TODO b/framework/TODO
|
|
||||||
index 6c2f375..25072ea 100644
|
|
||||||
--- a/framework/TODO
|
|
||||||
+++ b/framework/TODO
|
|
||||||
@@ -22,7 +22,7 @@ return plain text (to be used for plaintext email and writing to
|
|
||||||
stdout).
|
|
||||||
|
|
||||||
(John) Add log file scanning support (I'm currently working on this).
|
|
||||||
-We could use a better parser for AVC's in log file or other "stream",
|
|
||||||
+We could use a better parser for AVCs in log file or other "stream",
|
|
||||||
should work by accepting data via a feed() method and invoke a
|
|
||||||
callback when it finds an AVC returning an AVC class and a range
|
|
||||||
(start,end) where it was located (question: should the range be line
|
|
||||||
diff --git a/framework/doc/sealert.8 b/framework/doc/sealert.8
|
|
||||||
index 89f4dff..d3e81e3 100644
|
|
||||||
--- a/framework/doc/sealert.8
|
|
||||||
+++ b/framework/doc/sealert.8
|
|
||||||
@@ -102,7 +102,7 @@ Start sealert without dbus service as stand alone app
|
|
||||||
Lookup alert by id, if id is wildcard * then return all alerts
|
|
||||||
.TP
|
|
||||||
.B \-a \-\-analyze file
|
|
||||||
-Scan a log file, analyze its AVC's
|
|
||||||
+Scan a log file, analyze its AVCs
|
|
||||||
.TP
|
|
||||||
.B \-u \-\-user
|
|
||||||
logon as user
|
|
||||||
diff --git a/framework/src/config.py.in b/framework/src/config.py.in
|
|
||||||
index cbb0542..daf9a68 100644
|
|
||||||
--- a/framework/src/config.py.in
|
|
||||||
+++ b/framework/src/config.py.in
|
|
||||||
@@ -184,7 +184,7 @@ the alert's last seen date will be purged first. Zero implies no limit''',
|
|
||||||
'max_alert_age': {
|
|
||||||
'value': '',
|
|
||||||
'description' : '''
|
|
||||||
-Purge any alerts whose age based on it's last seen date exceeds this threshold.
|
|
||||||
+Purge any alerts whose age based on its last seen date exceeds this threshold.
|
|
||||||
Age may be specified as a sequence of integer unit pairs. Units may be one of
|
|
||||||
year,month,week,day,hour,minute,second and may optionally be plural.
|
|
||||||
Example: '2 weeks 1 day' sets the threshold at 15 days.
|
|
||||||
diff --git a/framework/src/sealert b/framework/src/sealert
|
|
||||||
index bae0c81..2663a21 100755
|
|
||||||
--- a/framework/src/sealert
|
|
||||||
+++ b/framework/src/sealert
|
|
||||||
@@ -598,7 +598,7 @@ if __name__ == '__main__':
|
|
||||||
parser.add_option("-l", "--lookupid", dest="lookupid", default=False,
|
|
||||||
help="Lookup alert by id, id may be wildcard * to lookup all alerts")
|
|
||||||
parser.add_option("-a", "--analyze", dest="analyze", default=False,
|
|
||||||
- help="Scan a log file, analyze it's AVC's", metavar="FILE")
|
|
||||||
+ help="Scan a log file, analyze its AVCs", metavar="FILE")
|
|
||||||
parser.add_option("-u", "--user", dest="user", default=False,
|
|
||||||
help="logon user name")
|
|
||||||
parser.add_option("-p", "--password", dest="password", default=False,
|
|
||||||
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
|
|
||||||
index aef0346..771ea15 100755
|
|
||||||
--- a/framework/src/setroubleshoot/server.py
|
|
||||||
+++ b/framework/src/setroubleshoot/server.py
|
|
||||||
@@ -764,7 +764,7 @@ def RunFaultServer(timeout=10):
|
|
||||||
try:
|
|
||||||
# FIXME: should this be using our logging objects in log.py?
|
|
||||||
# currently syslog is only used for putting an alert into
|
|
||||||
- # the syslog with it's id
|
|
||||||
+ # the syslog with its id
|
|
||||||
|
|
||||||
global pkg_name
|
|
||||||
syslog.openlog(pkg_name)
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -0,0 +1,52 @@
|
|||||||
|
From 502d06c8fa86b53198a2f4aeb59efdf1203531d6 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
Date: Wed, 3 May 2023 10:17:06 +0200
|
||||||
|
Subject: [PATCH] gitlab-ci: use apt-get to install python3-dbus package
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
Content-type: text/plain
|
||||||
|
|
||||||
|
Fixes:
|
||||||
|
$ pip3 install dasbus
|
||||||
|
error: externally-managed-environment
|
||||||
|
× This environment is externally managed
|
||||||
|
╰─> To install Python packages system-wide, try apt install
|
||||||
|
python3-xyz, where xyz is the package you are trying to
|
||||||
|
install.
|
||||||
|
|
||||||
|
If you wish to install a non-Debian-packaged Python package,
|
||||||
|
create a virtual environment using python3 -m venv path/to/venv.
|
||||||
|
Then use path/to/venv/bin/python and path/to/venv/bin/pip. Make
|
||||||
|
sure you have python3-full installed.
|
||||||
|
|
||||||
|
If you wish to install a non-Debian packaged Python application,
|
||||||
|
it may be easiest to use pipx install xyz, which will manage a
|
||||||
|
virtual environment for you. Make sure you have pipx installed.
|
||||||
|
|
||||||
|
See /usr/share/doc/python3.11/README.venv for more information.
|
||||||
|
note: If you believe this is a mistake, please contact your Python installation or OS distribution provider. You can override this, at the risk of breaking your Python installation or OS, by passing --break-system-packages.
|
||||||
|
hint: See PEP 668 for the detailed specification.
|
||||||
|
|
||||||
|
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
|
||||||
|
---
|
||||||
|
.gitlab-ci.yml | 3 +--
|
||||||
|
1 file changed, 1 insertion(+), 2 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
|
||||||
|
index e82e12f66737..bea5081bb0b9 100644
|
||||||
|
--- a/.gitlab-ci.yml
|
||||||
|
+++ b/.gitlab-ci.yml
|
||||||
|
@@ -30,8 +30,7 @@ build:debian:
|
||||||
|
- >
|
||||||
|
apt-get -y install autoconf automake libglib2.0-dev libdbus-glib-1-dev libnotify-dev
|
||||||
|
libgtk-3-dev gcc python3-selinux python3-gi python3-dbus python3-six python3-sepolicy
|
||||||
|
- xdg-utils make intltool libaudit-dev libauparse-dev python3-pip
|
||||||
|
- - pip3 install dasbus
|
||||||
|
+ xdg-utils make intltool libaudit-dev libauparse-dev python3-pip python3-dasbus
|
||||||
|
- ./autogen.sh
|
||||||
|
- make
|
||||||
|
- make install
|
||||||
|
--
|
||||||
|
2.41.0
|
||||||
|
|
@ -1,174 +0,0 @@
|
|||||||
From e0cf9f2e50e8da856ffd511cbbab7ee36a31bb74 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Fri, 10 Dec 2021 15:04:21 +0100
|
|
||||||
Subject: [PATCH] Revert "Replace pydbus with dasbus"
|
|
||||||
|
|
||||||
dasbus is not available in rhel8.
|
|
||||||
|
|
||||||
This reverts commit 5290ca0ee06d69102bf2b756e2decc0f8c5b770f.
|
|
||||||
---
|
|
||||||
configure.ac | 6 +++---
|
|
||||||
src/SetroubleshootPrivileged.py | 32 ++++++++++++++------------------
|
|
||||||
src/seapplet | 21 +++++++++++++--------
|
|
||||||
src/setroubleshoot/util.py | 9 +++------
|
|
||||||
4 files changed, 33 insertions(+), 35 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/framework/configure.ac b/framework/configure.ac
|
|
||||||
index d1d0176..e3b7b5a 100644
|
|
||||||
--- a/framework/configure.ac
|
|
||||||
+++ b/framework/configure.ac
|
|
||||||
@@ -65,13 +65,13 @@ else
|
|
||||||
$python_module_result])
|
|
||||||
fi
|
|
||||||
|
|
||||||
-AC_MSG_CHECKING([for the dasbus python3 module])
|
|
||||||
-python_module_result=`$PYTHON -c "import dasbus" 2>&1`
|
|
||||||
+AC_MSG_CHECKING([for the pydbus python3 module])
|
|
||||||
+python_module_result=`$PYTHON -c "import pydbus" 2>&1`
|
|
||||||
if test -z "$python_module_result"; then
|
|
||||||
AC_MSG_RESULT([yes])
|
|
||||||
else
|
|
||||||
AC_MSG_RESULT([no])
|
|
||||||
- AC_MSG_ERROR([cannot import Python3 module dasbus.
|
|
||||||
+ AC_MSG_ERROR([cannot import Python3 module pydbus.
|
|
||||||
Please check your Python3 installation. The error was:
|
|
||||||
$python_module_result])
|
|
||||||
fi
|
|
||||||
diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
|
|
||||||
index d2a9ea4..899e687 100644
|
|
||||||
--- a/framework/src/SetroubleshootPrivileged.py
|
|
||||||
+++ b/framework/src/SetroubleshootPrivileged.py
|
|
||||||
@@ -19,23 +19,23 @@
|
|
||||||
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
||||||
|
|
||||||
from gi.repository import GLib
|
|
||||||
-from dasbus.connection import SystemMessageBus
|
|
||||||
+from pydbus import SystemBus
|
|
||||||
import setroubleshoot.util
|
|
||||||
import signal
|
|
||||||
|
|
||||||
loop = GLib.MainLoop()
|
|
||||||
|
|
||||||
class Privileged(object):
|
|
||||||
- __dbus_xml__ = """
|
|
||||||
- <node>
|
|
||||||
- <interface name='org.fedoraproject.SetroubleshootPrivileged'>
|
|
||||||
- <method name='get_rpm_nvr_by_scontext'>
|
|
||||||
- <arg type='s' name='scontext' direction='in'/>
|
|
||||||
- <arg type='s' name='rpmnvr' direction='out'/>
|
|
||||||
- </method>
|
|
||||||
- <method name='finish'/>
|
|
||||||
- </interface>
|
|
||||||
- </node>
|
|
||||||
+ """
|
|
||||||
+ <node>
|
|
||||||
+ <interface name='org.fedoraproject.SetroubleshootPrivileged'>
|
|
||||||
+ <method name='get_rpm_nvr_by_scontext'>
|
|
||||||
+ <arg type='s' name='scontext' direction='in'/>
|
|
||||||
+ <arg type='s' name='rpmnvr' direction='out'/>
|
|
||||||
+ </method>
|
|
||||||
+ <method name='finish'/>
|
|
||||||
+ </interface>
|
|
||||||
+ </node>
|
|
||||||
"""
|
|
||||||
|
|
||||||
def __init__(self, timeout=10):
|
|
||||||
@@ -58,10 +58,6 @@ class Privileged(object):
|
|
||||||
loop.quit()
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
- bus = SystemMessageBus()
|
|
||||||
- try:
|
|
||||||
- bus.publish_object("/org/fedoraproject/SetroubleshootPrivileged", Privileged())
|
|
||||||
- bus.register_service("org.fedoraproject.SetroubleshootPrivileged")
|
|
||||||
- loop.run()
|
|
||||||
- finally:
|
|
||||||
- bus.disconnect()
|
|
||||||
+ bus = SystemBus()
|
|
||||||
+ bus.publish("org.fedoraproject.SetroubleshootPrivileged", Privileged())
|
|
||||||
+ loop.run()
|
|
||||||
diff --git a/framework/src/seapplet b/framework/src/seapplet
|
|
||||||
index b5f65d1..79b5ef2 100644
|
|
||||||
--- a/framework/src/seapplet
|
|
||||||
+++ b/framework/src/seapplet
|
|
||||||
@@ -26,7 +26,7 @@ from gi.repository import Gtk
|
|
||||||
gi.require_version('Notify', '0.7')
|
|
||||||
from gi.repository import Notify
|
|
||||||
|
|
||||||
-from dasbus.connection import SystemMessageBus
|
|
||||||
+from pydbus import SystemBus
|
|
||||||
|
|
||||||
import selinux
|
|
||||||
import sys
|
|
||||||
@@ -52,14 +52,13 @@ class SEApplet(GObject.Object):
|
|
||||||
|
|
||||||
def __init__(self):
|
|
||||||
|
|
||||||
- bus = SystemMessageBus()
|
|
||||||
- Setroubleshootd = bus.get_proxy(
|
|
||||||
- 'org.fedoraproject.Setroubleshootd',
|
|
||||||
- '/org/fedoraproject/Setroubleshootd'
|
|
||||||
+ bus = SystemBus()
|
|
||||||
+ self.bus_signal = bus.subscribe(
|
|
||||||
+ iface='org.fedoraproject.SetroubleshootdIface',
|
|
||||||
+ signal='alert',
|
|
||||||
+ signal_fired=self.send_notification
|
|
||||||
)
|
|
||||||
|
|
||||||
- Setroubleshootd.alert.connect(self.send_notification)
|
|
||||||
-
|
|
||||||
super(SEApplet, self).__init__()
|
|
||||||
Notify.init("seapplet")
|
|
||||||
# lets initialise with the application name
|
|
||||||
@@ -81,6 +80,11 @@ class SEApplet(GObject.Object):
|
|
||||||
except:
|
|
||||||
pass
|
|
||||||
|
|
||||||
+ Setroubleshootd = bus.get(
|
|
||||||
+ 'org.fedoraproject.Setroubleshootd',
|
|
||||||
+ '/org/fedoraproject/Setroubleshootd'
|
|
||||||
+ )
|
|
||||||
+
|
|
||||||
(count, red) = Setroubleshootd.check_for_new(last_id)
|
|
||||||
|
|
||||||
if count > 0:
|
|
||||||
@@ -115,7 +119,8 @@ class SEApplet(GObject.Object):
|
|
||||||
launcher.launch(None, context)
|
|
||||||
self.status_icon.set_visible(False)
|
|
||||||
|
|
||||||
- def send_notification(self, *params):
|
|
||||||
+ def send_notification(self, sender, dobject, iface, signal, params):
|
|
||||||
+
|
|
||||||
status_icon = self.__init_status_icon()
|
|
||||||
status_icon.set_visible(True)
|
|
||||||
|
|
||||||
diff --git a/framework/src/setroubleshoot/util.py b/framework/src/setroubleshoot/util.py
|
|
||||||
index 02c4f75..657c882 100755
|
|
||||||
--- a/framework/src/setroubleshoot/util.py
|
|
||||||
+++ b/framework/src/setroubleshoot/util.py
|
|
||||||
@@ -69,7 +69,7 @@ __all__ = [
|
|
||||||
import bz2
|
|
||||||
import six
|
|
||||||
import datetime
|
|
||||||
-from dasbus.connection import SystemMessageBus
|
|
||||||
+from pydbus import SystemBus
|
|
||||||
import glob
|
|
||||||
from gi.repository import GObject
|
|
||||||
import os
|
|
||||||
@@ -522,11 +522,8 @@ Finds an SELinux module which defines given SELinux context
|
|
||||||
|
|
||||||
"""
|
|
||||||
if use_dbus:
|
|
||||||
- bus = SystemMessageBus()
|
|
||||||
- remote_object = bus.get_proxy(
|
|
||||||
- "org.fedoraproject.SetroubleshootPrivileged",
|
|
||||||
- "/org/fedoraproject/SetroubleshootPrivileged"
|
|
||||||
- )
|
|
||||||
+ bus = SystemBus()
|
|
||||||
+ remote_object = bus.get("org.fedoraproject.SetroubleshootPrivileged")
|
|
||||||
return str(remote_object.get_rpm_nvr_by_scontext(str(scontext)))
|
|
||||||
else:
|
|
||||||
context = selinux.context_new(str(scontext))
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
@ -1,40 +0,0 @@
|
|||||||
From 73d60acf9d4d7ae740d450f9c9a9566dac1c3111 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Petr Lautrbach <plautrba@redhat.com>
|
|
||||||
Date: Thu, 3 Feb 2022 18:14:05 +0100
|
|
||||||
Subject: [PATCH] Improve after_first email filter behavior
|
|
||||||
|
|
||||||
after_first used to send 2 emails before it started to filter. The
|
|
||||||
problem was in the email users were not saved into database when a new
|
|
||||||
signature was created.
|
|
||||||
|
|
||||||
Also we need to skip email users when we evaluated whether send a
|
|
||||||
desktop notification or not.
|
|
||||||
---
|
|
||||||
src/setroubleshoot/server.py | 4 ++++
|
|
||||||
1 file changed, 4 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
|
|
||||||
index 771ea15..10ef215 100755
|
|
||||||
--- a/framework/src/setroubleshoot/server.py
|
|
||||||
+++ b/framework/src/setroubleshoot/server.py
|
|
||||||
@@ -220,6 +220,7 @@ class AlertPluginReportReceiver(PluginReportReceiver):
|
|
||||||
if len(to_addrs):
|
|
||||||
from setroubleshoot.email_alert import email_alert
|
|
||||||
email_alert(siginfo, to_addrs)
|
|
||||||
+ self.database.mark_modified()
|
|
||||||
|
|
||||||
log_debug("sending alert to all clients")
|
|
||||||
|
|
||||||
@@ -234,6 +235,9 @@ class AlertPluginReportReceiver(PluginReportReceiver):
|
|
||||||
systemd.journal.send(siginfo.format_text(), OBJECT_PID=pid, SYSLOG_IDENTIFIER=pkg_name)
|
|
||||||
|
|
||||||
for u in siginfo.users:
|
|
||||||
+ if u.username[0:6] == "email:":
|
|
||||||
+ # skip email users - they were evaluated before
|
|
||||||
+ continue
|
|
||||||
action = siginfo.evaluate_filter_for_user(u.username)
|
|
||||||
if action == "ignore":
|
|
||||||
return siginfo
|
|
||||||
--
|
|
||||||
2.30.2
|
|
||||||
|
|
File diff suppressed because it is too large
Load Diff
@ -1,70 +0,0 @@
|
|||||||
From a2102cb35cd45852fc508b2f62400be098050d7a Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Mon, 4 Jul 2022 16:20:30 +0200
|
|
||||||
Subject: [PATCH] Decrease setroubleshootd priority and limit RAM utilization
|
|
||||||
to 1GB
|
|
||||||
|
|
||||||
This should help with system responsiveness in case of large amount of
|
|
||||||
AVCs. The memory limit ensures the process cannot indefinitely hog
|
|
||||||
memory in case it is running continuously. My testing showed normal
|
|
||||||
memory consumption not to exceed 350MB, so 1GB should not limit normal
|
|
||||||
operation.
|
|
||||||
|
|
||||||
Note: Limiting memory using systemd service file was chosen to make it easier
|
|
||||||
for users to adjust the limits.
|
|
||||||
|
|
||||||
Related:
|
|
||||||
https://bugzilla.redhat.com/show_bug.cgi?id=2064727
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
Makefile.am | 3 +++
|
|
||||||
org.fedoraproject.Setroubleshootd.service | 3 ++-
|
|
||||||
setroubleshootd.service | 10 ++++++++++
|
|
||||||
3 files changed, 15 insertions(+), 1 deletion(-)
|
|
||||||
create mode 100644 setroubleshootd.service
|
|
||||||
|
|
||||||
diff --git a/framework/Makefile.am b/framework/Makefile.am
|
|
||||||
index f330b7c..93c6a06 100644
|
|
||||||
--- a/framework/Makefile.am
|
|
||||||
+++ b/framework/Makefile.am
|
|
||||||
@@ -28,6 +28,9 @@ polkit_systemdir = $(datadir)/polkit-1/actions
|
|
||||||
polkit_system_DATA = \
|
|
||||||
org.fedoraproject.setroubleshootfixit.policy
|
|
||||||
|
|
||||||
+systemd_systemunitdir = $(prefix)/lib/systemd/system/
|
|
||||||
+systemd_systemunit_DATA = setroubleshootd.service
|
|
||||||
+
|
|
||||||
autostartdir = $(sysconfdir)/xdg/autostart
|
|
||||||
autostart_DATA = sealertauto.desktop
|
|
||||||
|
|
||||||
diff --git a/framework/org.fedoraproject.Setroubleshootd.service b/framework/org.fedoraproject.Setroubleshootd.service
|
|
||||||
index 05c2c39..2c52499 100644
|
|
||||||
--- a/framework/org.fedoraproject.Setroubleshootd.service
|
|
||||||
+++ b/framework/org.fedoraproject.Setroubleshootd.service
|
|
||||||
@@ -1,4 +1,5 @@
|
|
||||||
[D-BUS Service]
|
|
||||||
Name=org.fedoraproject.Setroubleshootd
|
|
||||||
-Exec=/usr/sbin/setroubleshootd -f
|
|
||||||
+SystemdService=setroubleshootd.service
|
|
||||||
+Exec=/bin/false
|
|
||||||
User=setroubleshoot
|
|
||||||
diff --git a/framework/setroubleshootd.service b/framework/setroubleshootd.service
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..81c75b1
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/framework/setroubleshootd.service
|
|
||||||
@@ -0,0 +1,10 @@
|
|
||||||
+[Unit]
|
|
||||||
+Description=SETroubleshoot daemon for processing new SELinux denial logs
|
|
||||||
+
|
|
||||||
+[Service]
|
|
||||||
+Type=dbus
|
|
||||||
+BusName=org.fedoraproject.Setroubleshootd
|
|
||||||
+ExecStart=/usr/sbin/setroubleshootd -f
|
|
||||||
+User=setroubleshoot
|
|
||||||
+LimitAS=1G
|
|
||||||
+Nice=5
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,45 +0,0 @@
|
|||||||
From eed06d0f11867c1019fee4fb1a80be775a60d74e Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Mon, 11 Jul 2022 18:20:47 +0200
|
|
||||||
Subject: [PATCH] doc: Document performance related changes
|
|
||||||
|
|
||||||
- Setroubleshootd is now executed using setroubleshootd.service
|
|
||||||
- ^^ is limited to 1GB of RAM and has a lower than normal priority
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
doc/setroubleshootd.8 | 9 +++++++--
|
|
||||||
1 file changed, 7 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/framework/doc/setroubleshootd.8 b/framework/doc/setroubleshootd.8
|
|
||||||
index bed6713..f1f04d8 100644
|
|
||||||
--- a/framework/doc/setroubleshootd.8
|
|
||||||
+++ b/framework/doc/setroubleshootd.8
|
|
||||||
@@ -23,9 +23,14 @@ components, sealert and setroubleshootd.
|
|
||||||
setroubleshootd is a system daemon which runs under setroubleshoot user and
|
|
||||||
listens for audit events emitted from the kernel related to SELinux. When the
|
|
||||||
setroubleshootd daemon sees an SELinux AVC denial it runs a series of analysis
|
|
||||||
-plugins which examines the audit data related to the AVC. It records the
|
|
||||||
+plugins which examine the audit data related to the AVC. It records the
|
|
||||||
results of the analysis and signals any clients which have attached to the
|
|
||||||
setroubleshootd daemon that a new alert has been seen.
|
|
||||||
+.P
|
|
||||||
+setroubleshootd is not persistent and only runs when there are new AVCs to be
|
|
||||||
+analyzed. It is executed using setroubleshootd.service, which also limits its
|
|
||||||
+priority and maximum RAM utilization to 1GB, in order to help with system
|
|
||||||
+responsiveness in case of large amounts of AVCs.
|
|
||||||
|
|
||||||
.SH "OPTIONS"
|
|
||||||
.TP
|
|
||||||
@@ -33,7 +38,7 @@ setroubleshootd daemon that a new alert has been seen.
|
|
||||||
Do not fork the daemon
|
|
||||||
.TP
|
|
||||||
.B \-d \-\-debug
|
|
||||||
-Do not exit after 10 seconds
|
|
||||||
+Do not exit after 10 seconds of inactivity
|
|
||||||
.TP
|
|
||||||
.B \-h \-\-help
|
|
||||||
Show this message
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,56 +0,0 @@
|
|||||||
From 2fbc58c26359989894dfb54daaca2ff4b537f4fe Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
||||||
Date: Fri, 22 Apr 2022 16:27:30 +0200
|
|
||||||
Subject: [PATCH] setroubleshoot/server: shutdown RunFaultServer nicely
|
|
||||||
|
|
||||||
systemd[1]: dbus-:1.2-org.fedoraproject.Setroubleshootd@2.service: Main process exited, code=killed, status=14/ALRM
|
|
||||||
systemd[1]: dbus-:1.2-org.fedoraproject.Setroubleshootd@2.service: Failed with result 'signal'.
|
|
||||||
audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:systemd_t:s0 msg='unit=dbus-:1.2-org.fedoraproject.Setroubleshootd@2 comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=failed'
|
|
||||||
---
|
|
||||||
src/setroubleshoot/server.py | 14 +++++++++++---
|
|
||||||
1 file changed, 11 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/framework/src/setroubleshoot/server.py b/framework/src/setroubleshoot/server.py
|
|
||||||
index 10ef215..8f16993 100755
|
|
||||||
--- a/framework/src/setroubleshoot/server.py
|
|
||||||
+++ b/framework/src/setroubleshoot/server.py
|
|
||||||
@@ -733,9 +733,17 @@ def goodbye(database):
|
|
||||||
audit2why.finish()
|
|
||||||
|
|
||||||
|
|
||||||
+main_loop = GLib.MainLoop()
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+def alarm_handler(signum, frame):
|
|
||||||
+ log_debug("SIGALRM raised in RunFaultServer")
|
|
||||||
+ main_loop.quit()
|
|
||||||
+
|
|
||||||
+
|
|
||||||
def RunFaultServer(timeout=10):
|
|
||||||
signal.alarm(timeout)
|
|
||||||
- sigalrm_handler = signal.signal(signal.SIGALRM, polling_failed_handler)
|
|
||||||
+ signal.signal(signal.SIGALRM, polling_failed_handler)
|
|
||||||
# polling for /sys/fs/selinux/policy file
|
|
||||||
while True:
|
|
||||||
try:
|
|
||||||
@@ -760,7 +768,7 @@ def RunFaultServer(timeout=10):
|
|
||||||
|
|
||||||
global host_database, analysis_queue, email_recipients
|
|
||||||
|
|
||||||
- signal.signal(signal.SIGALRM, sigalrm_handler)
|
|
||||||
+ signal.signal(signal.SIGALRM, alarm_handler)
|
|
||||||
signal.signal(signal.SIGHUP, sighandler)
|
|
||||||
|
|
||||||
#interface_registry.dump_interfaces()
|
|
||||||
@@ -856,7 +864,7 @@ def RunFaultServer(timeout=10):
|
|
||||||
|
|
||||||
dbus.glib.init_threads()
|
|
||||||
setroubleshootd_dbus = SetroubleshootdDBus(analysis_queue, alert_receiver, timeout)
|
|
||||||
- main_loop = GLib.MainLoop()
|
|
||||||
+
|
|
||||||
main_loop.run()
|
|
||||||
|
|
||||||
except KeyboardInterrupt as e:
|
|
||||||
--
|
|
||||||
2.35.3
|
|
||||||
|
|
@ -1,48 +0,0 @@
|
|||||||
From 9e2753d241bf0bccaf0b05984e7562a2ac2a70e6 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
Date: Thu, 24 Aug 2023 19:02:24 +0200
|
|
||||||
Subject: [PATCH] Check that SELinux is enabled before running
|
|
||||||
|
|
||||||
Setroubleshootd will fail to run when selinux is disabled. Check that
|
|
||||||
SELinux is enabled in setroubleshootd service file and in sealert (so
|
|
||||||
that it does not wait for setroubleshootd to start).
|
|
||||||
|
|
||||||
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2178950
|
|
||||||
|
|
||||||
Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
|
|
||||||
---
|
|
||||||
setroubleshootd.service | 1 +
|
|
||||||
src/sealert | 6 ++++++
|
|
||||||
2 files changed, 7 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/framework/setroubleshootd.service b/framework/setroubleshootd.service
|
|
||||||
index 81c75b1..7fc2ffb 100644
|
|
||||||
--- a/framework/setroubleshootd.service
|
|
||||||
+++ b/framework/setroubleshootd.service
|
|
||||||
@@ -1,5 +1,6 @@
|
|
||||||
[Unit]
|
|
||||||
Description=SETroubleshoot daemon for processing new SELinux denial logs
|
|
||||||
+ConditionSecurity=selinux
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=dbus
|
|
||||||
diff --git a/framework/src/sealert b/framework/src/sealert
|
|
||||||
index 2663a21..5ce6463 100755
|
|
||||||
--- a/framework/src/sealert
|
|
||||||
+++ b/framework/src/sealert
|
|
||||||
@@ -576,6 +576,12 @@ if __name__ == '__main__':
|
|
||||||
setup_sighandlers()
|
|
||||||
log_debug("main() args=%s" % sys.argv)
|
|
||||||
|
|
||||||
+ # Exit if selinux is disabled - setroubleshootd cannot start
|
|
||||||
+ if not selinux.is_selinux_enabled():
|
|
||||||
+ log_debug("SELinux not enabled, sealert will not run on non SELinux systems")
|
|
||||||
+ print("SELinux not enabled, sealert will not run on non SELinux systems", file=sys.stderr)
|
|
||||||
+ sys.exit(3)
|
|
||||||
+
|
|
||||||
def validate_invocation_style(opt, opts_instance, conflict_opts):
|
|
||||||
global invocation_style
|
|
||||||
conflict_opts.remove(opt)
|
|
||||||
--
|
|
||||||
2.41.0
|
|
||||||
|
|
1
SOURCES/setroubleshoot.sysusers
Normal file
1
SOURCES/setroubleshoot.sysusers
Normal file
@ -0,0 +1 @@
|
|||||||
|
u setroubleshoot - "SELinux troubleshoot server" /var/lib/setroubleshoot
|
@ -1 +1,2 @@
|
|||||||
d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
|
d /run/setroubleshoot 711 setroubleshoot setroubleshoot -
|
||||||
|
Z /var/lib/setroubleshoot - setroubleshoot setroubleshoot -
|
||||||
|
@ -1,33 +1,33 @@
|
|||||||
|
# Disable automatic compilation of Python files in extra directories
|
||||||
|
%global _python_bytecompile_extra 0
|
||||||
|
|
||||||
Summary: Helps troubleshoot SELinux problems
|
Summary: Helps troubleshoot SELinux problems
|
||||||
Name: setroubleshoot
|
Name: setroubleshoot
|
||||||
Version: 3.3.26
|
Version: 3.3.32
|
||||||
Release: 6%{?dist}
|
Release: 1%{?dist}
|
||||||
License: GPLv2+
|
License: GPL-2.0-or-later
|
||||||
URL: https://gitlab.com/setroubleshoot/framework
|
URL: https://gitlab.com/setroubleshoot/setroubleshoot
|
||||||
Source0: https://releases.pagure.org/setroubleshoot/%{name}-%{version}.tar.gz
|
Source0: https://gitlab.com/setroubleshoot/setroubleshoot/-/archive/%{version}/setroubleshoot-%{version}.tar.gz
|
||||||
Source1: %{name}.tmpfiles
|
Source1: %{name}.tmpfiles
|
||||||
# git format-patch --src-prefix=a/framework/ --dst-prefix=b/framework/ -N setroubleshoot-3.3.26 -- . ':!doc/developers_guide.wiki' ':!test/README.testing' ':!.gitlab-ci.yml'
|
Source2: %{name}.sysusers
|
||||||
|
# git format-patch -N 3.3.32
|
||||||
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
# i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done
|
||||||
Patch0001: 0001-Stop-SetroubleshootFixit-after-10-seconds-of-inactiv.patch
|
Patch0001: 0001-imp-module-is-deprecated-in-favor-of-importlib.patch
|
||||||
Patch0002: 0002-Do-not-use-Python-slip-package.patch
|
Patch0002: 0002-Always-reset-pending-alarms-when-alarm-0.patch
|
||||||
Patch0003: 0003-Fix-typos-in-help-man-pages-and-developer-s-guide.patch
|
Patch0003: 0003-gitlab-ci-use-apt-get-to-install-python3-dbus-packag.patch
|
||||||
Patch0004: 0004-Revert-Replace-pydbus-with-dasbus.patch
|
|
||||||
Patch0005: 0005-Improve-after_first-email-filter-behavior.patch
|
|
||||||
Patch0006: 0006-Update-translations.patch
|
|
||||||
Patch0007: 0007-Decrease-setroubleshootd-priority-and-limit-RAM-util.patch
|
|
||||||
Patch0008: 0008-doc-Document-performance-related-changes.patch
|
|
||||||
Patch0009: 0009-setroubleshoot-server-shutdown-RunFaultServer-nicely.patch
|
|
||||||
Patch0010: 0010-Check-that-SELinux-is-enabled-before-running.patch
|
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: libcap-ng-devel
|
BuildRequires: libcap-ng-devel
|
||||||
BuildRequires: intltool gettext python3 python3-devel
|
BuildRequires: intltool gettext python3 python3-devel python3-setuptools python3-wheel python3-pip
|
||||||
BuildRequires: desktop-file-utils dbus-glib-devel gtk2-devel libnotify-devel audit-libs-devel libselinux-devel polkit-devel
|
BuildRequires: desktop-file-utils libnotify-devel libselinux-devel polkit-devel
|
||||||
BuildRequires: python3-libselinux python3-pydbus python3-gobject gtk3-devel
|
BuildRequires: audit-libs-devel >= 3.0.1
|
||||||
Requires: %{name}-server = %{version}-%{release}
|
BuildRequires: python3-libselinux python3-dasbus python3-gobject gtk3-devel
|
||||||
|
# for the _tmpfilesdir macro
|
||||||
|
BuildRequires: systemd-rpm-macros
|
||||||
|
Requires: %{name}-server = %{version}-%{release}
|
||||||
Requires: gtk3, libnotify
|
Requires: gtk3, libnotify
|
||||||
Requires: libreport-gtk >= 2.2.1-2, python3-libreport
|
Requires: libreport-gtk >= 2.2.1-2, python3-libreport
|
||||||
Requires: python3-gobject, python3-pydbus
|
Requires: python3-gobject, python3-dasbus
|
||||||
Requires(post): desktop-file-utils
|
Requires(post): desktop-file-utils
|
||||||
Requires(post): dbus
|
Requires(post): dbus
|
||||||
Requires(postun): desktop-file-utils
|
Requires(postun): desktop-file-utils
|
||||||
@ -43,7 +43,6 @@ Requires: xdg-utils
|
|||||||
%global pkgvardatadir %{_localstatedir}/lib/%{name}
|
%global pkgvardatadir %{_localstatedir}/lib/%{name}
|
||||||
%global pkgconfigdir %{_sysconfdir}/%{name}
|
%global pkgconfigdir %{_sysconfdir}/%{name}
|
||||||
%global pkgdatabase %{pkgvardatadir}/setroubleshoot_database.xml
|
%global pkgdatabase %{pkgvardatadir}/setroubleshoot_database.xml
|
||||||
%global username setroubleshoot
|
|
||||||
|
|
||||||
%description
|
%description
|
||||||
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
|
setroubleshoot GUI. Application that allows you to view setroubleshoot-server
|
||||||
@ -57,8 +56,8 @@ to user preference. The same tools can be run on existing log files.
|
|||||||
%{pkgguidir}
|
%{pkgguidir}
|
||||||
%config(noreplace) %{_sysconfdir}/xdg/autostart/*
|
%config(noreplace) %{_sysconfdir}/xdg/autostart/*
|
||||||
%{_datadir}/applications/*.desktop
|
%{_datadir}/applications/*.desktop
|
||||||
%{_datadir}/appdata/*.appdata.xml
|
%{_metainfodir}/*.appdata.xml
|
||||||
%{_datadir}/dbus-1/services/sealert.service
|
%{_datadir}/dbus-1/services/org.fedoraproject.sealert.service
|
||||||
%{_datadir}/icons/hicolor/*/*/*
|
%{_datadir}/icons/hicolor/*/*/*
|
||||||
%dir %attr(0755,root,root) %{pkgpythondir}
|
%dir %attr(0755,root,root) %{pkgpythondir}
|
||||||
%{pkgpythondir}/browser.py
|
%{pkgpythondir}/browser.py
|
||||||
@ -69,16 +68,15 @@ to user preference. The same tools can be run on existing log files.
|
|||||||
|
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p 2
|
%autosetup -p 1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
autoreconf -f
|
./autogen.sh
|
||||||
%configure PYTHON=%{__python3} --enable-seappletlegacy=no --with-auditpluginsdir=/etc/audit/plugins.d
|
%configure PYTHON=%{__python3} --enable-seappletlegacy=no --with-auditpluginsdir=/etc/audit/plugins.d
|
||||||
make
|
make
|
||||||
|
|
||||||
%install
|
%install
|
||||||
make DESTDIR=%{buildroot} PREFIX=/usr install
|
%make_install PREFIX=/usr
|
||||||
touch -r src/config.py.in %{buildroot}%{python3_sitelib}/setroubleshoot/config.py
|
|
||||||
desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop
|
desktop-file-install --vendor="" --dir=%{buildroot}%{_datadir}/applications %{buildroot}/%{_datadir}/applications/%{name}.desktop
|
||||||
mkdir -p %{buildroot}%{pkgvardatadir}
|
mkdir -p %{buildroot}%{pkgvardatadir}
|
||||||
mkdir -p %{buildroot}%{_rundir}/setroubleshoot
|
mkdir -p %{buildroot}%{_rundir}/setroubleshoot
|
||||||
@ -86,19 +84,9 @@ touch %{buildroot}%{pkgdatabase}
|
|||||||
touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
|
touch %{buildroot}%{pkgvardatadir}/email_alert_recipients
|
||||||
rm -rf %{buildroot}/usr/share/doc/
|
rm -rf %{buildroot}/usr/share/doc/
|
||||||
# create /run/setroubleshoot on boot
|
# create /run/setroubleshoot on boot
|
||||||
install -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
|
install -p -m644 -D %{SOURCE1} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
|
||||||
|
install -p -m644 -D %{SOURCE2} $RPM_BUILD_ROOT%{_sysusersdir}/%{name}.conf
|
||||||
|
|
||||||
# Switch hardcoded python3 shebangs into the %%{__python3} macro
|
|
||||||
pathfix.py -i "%{__python3} -Es" -p \
|
|
||||||
%{buildroot}%{_sbindir}/setroubleshootd \
|
|
||||||
%{buildroot}%{_bindir}/{sealert,seapplet} \
|
|
||||||
%{buildroot}/usr/share/setroubleshoot/SetroubleshootFixit.py \
|
|
||||||
%{buildroot}/usr/share/setroubleshoot/SetroubleshootPrivileged.py
|
|
||||||
rm \
|
|
||||||
%{buildroot}%{_sbindir}/setroubleshootd~ \
|
|
||||||
%{buildroot}%{_bindir}/{sealert,seapplet}~ \
|
|
||||||
%{buildroot}/usr/share/setroubleshoot/SetroubleshootFixit.py~ \
|
|
||||||
%{buildroot}/usr/share/setroubleshoot/SetroubleshootPrivileged.py~
|
|
||||||
|
|
||||||
%find_lang %{name}
|
%find_lang %{name}
|
||||||
|
|
||||||
@ -106,7 +94,7 @@ rm \
|
|||||||
Summary: SELinux troubleshoot server
|
Summary: SELinux troubleshoot server
|
||||||
|
|
||||||
Requires: %{name}-plugins >= 3.3.10
|
Requires: %{name}-plugins >= 3.3.10
|
||||||
Requires: audit >= 3
|
Requires: audit >= 3.0.1
|
||||||
Requires: audit-libs-python3
|
Requires: audit-libs-python3
|
||||||
Requires: libxml2-python3
|
Requires: libxml2-python3
|
||||||
Requires: rpm-python3
|
Requires: rpm-python3
|
||||||
@ -114,14 +102,12 @@ Requires: libselinux-python3 >= 2.1.5-1
|
|||||||
Requires: policycoreutils-python-utils
|
Requires: policycoreutils-python-utils
|
||||||
BuildRequires: intltool gettext python3
|
BuildRequires: intltool gettext python3
|
||||||
BuildRequires: python3-devel
|
BuildRequires: python3-devel
|
||||||
BuildRequires: systemd
|
|
||||||
Requires: systemd-python3 >= 206-1
|
Requires: systemd-python3 >= 206-1
|
||||||
Requires: python3-gobject >= 3.11
|
Requires: python3-gobject-base >= 3.11
|
||||||
Requires: dbus
|
Requires: dbus
|
||||||
Requires: python3-dbus python3-pydbus
|
Requires: python3-dbus python3-dasbus python3-six
|
||||||
Requires: polkit
|
Requires: polkit
|
||||||
Requires: initscripts
|
Requires: initscripts-service
|
||||||
Requires(pre): /usr/sbin/useradd /usr/sbin/groupadd
|
|
||||||
|
|
||||||
%description server
|
%description server
|
||||||
Provides tools to help diagnose SELinux problems. When AVC messages
|
Provides tools to help diagnose SELinux problems. When AVC messages
|
||||||
@ -130,7 +116,7 @@ about the problem and help track its resolution. Alerts can be configured
|
|||||||
to user preference. The same tools can be run on existing log files.
|
to user preference. The same tools can be run on existing log files.
|
||||||
|
|
||||||
%pre server
|
%pre server
|
||||||
getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgvardatadir} %{username}
|
%sysusers_create_compat %{SOURCE2}
|
||||||
|
|
||||||
%post server
|
%post server
|
||||||
/sbin/service auditd reload >/dev/null 2>&1 || :
|
/sbin/service auditd reload >/dev/null 2>&1 || :
|
||||||
@ -138,16 +124,14 @@ getent passwd %{username} >/dev/null || useradd -r -U -s /sbin/nologin -d %{pkgv
|
|||||||
%postun server
|
%postun server
|
||||||
/sbin/service auditd reload >/dev/null 2>&1 || :
|
/sbin/service auditd reload >/dev/null 2>&1 || :
|
||||||
|
|
||||||
%triggerun server -- %{name}-server < 3.2.24-4
|
|
||||||
chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
|
||||||
|
|
||||||
%files server -f %{name}.lang
|
%files server -f %{name}.lang
|
||||||
%{_bindir}/sealert
|
%{_bindir}/sealert
|
||||||
%{_sbindir}/sedispatch
|
%{_sbindir}/sedispatch
|
||||||
%{_sbindir}/setroubleshootd
|
%{_sbindir}/setroubleshootd
|
||||||
%{python3_sitelib}/setroubleshoot*.egg-info
|
%{python3_sitelib}/setroubleshoot*.dist-info
|
||||||
%dir %attr(0755,root,root) %{pkgconfigdir}
|
%dir %attr(0755,root,root) %{pkgconfigdir}
|
||||||
%dir %attr(0755,root,root) %{pkgpythondir}
|
%dir %{pkgpythondir}
|
||||||
|
%dir %{pkgpythondir}/__pycache__
|
||||||
%{pkgpythondir}/Plugin.py
|
%{pkgpythondir}/Plugin.py
|
||||||
%{pkgpythondir}/__init__.py
|
%{pkgpythondir}/__init__.py
|
||||||
%{pkgpythondir}/access_control.py
|
%{pkgpythondir}/access_control.py
|
||||||
@ -166,8 +150,6 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
|||||||
%{pkgpythondir}/util.py
|
%{pkgpythondir}/util.py
|
||||||
%{pkgpythondir}/uuid.py
|
%{pkgpythondir}/uuid.py
|
||||||
%{pkgpythondir}/xml_serialize.py
|
%{pkgpythondir}/xml_serialize.py
|
||||||
%dir %{pkgpythondir}
|
|
||||||
%dir %{pkgpythondir}/__pycache__
|
|
||||||
%{pkgpythondir}/__pycache__/Plugin.cpython*
|
%{pkgpythondir}/__pycache__/Plugin.cpython*
|
||||||
%{pkgpythondir}/__pycache__/__init__.cpython*
|
%{pkgpythondir}/__pycache__/__init__.cpython*
|
||||||
%{pkgpythondir}/__pycache__/access_control.cpython*
|
%{pkgpythondir}/__pycache__/access_control.cpython*
|
||||||
@ -200,80 +182,149 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
|||||||
%{_mandir}/man8/sedispatch.8.gz
|
%{_mandir}/man8/sedispatch.8.gz
|
||||||
%{_mandir}/man8/setroubleshootd.8.gz
|
%{_mandir}/man8/setroubleshootd.8.gz
|
||||||
%config /etc/audit/plugins.d/sedispatch.conf
|
%config /etc/audit/plugins.d/sedispatch.conf
|
||||||
|
%{_unitdir}/setroubleshootd.service
|
||||||
%{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
|
%{_datadir}/dbus-1/system-services/org.fedoraproject.Setroubleshootd.service
|
||||||
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
|
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootPrivileged.service
|
||||||
%{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
|
%{_datadir}/polkit-1/actions/org.fedoraproject.setroubleshootfixit.policy
|
||||||
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
|
%config(noreplace) %{_sysconfdir}/dbus-1/system.d/org.fedoraproject.SetroubleshootFixit.conf
|
||||||
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
|
%{_datadir}/dbus-1/system-services/org.fedoraproject.SetroubleshootFixit.service
|
||||||
%{_unitdir}/setroubleshootd.service
|
|
||||||
%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
|
%attr(0644,root,root) %{_tmpfilesdir}/%{name}.conf
|
||||||
|
%attr(0644,root,root) %{_sysusersdir}/%{name}.conf
|
||||||
%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
|
%attr(0711,setroubleshoot,setroubleshoot) %dir %{_rundir}/setroubleshoot
|
||||||
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
|
%doc AUTHORS COPYING ChangeLog DBUS.md NEWS README TODO
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Thu Aug 24 2023 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-6
|
* Thu Jul 27 2023 Petr Lautrbach <lautrbach@redhat.com> - 3.3.32-1
|
||||||
- Fix shebang of SetroubleshootPrivileged.py (#2231023)
|
- Always reset pending alarms when alarm(0) (rhbz#2112573)
|
||||||
- Check that SELinux is enabled before running (#2178950)
|
- 'imp' module is deprecated in favor of 'importlib' (rhbz#2224393)
|
||||||
|
- Fix build with pip 23.1.2+
|
||||||
* Mon Aug 22 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-5
|
- Remove dbus-glib-devel BR as it's only needed when compiled with seappletlegacy
|
||||||
- Shutdown RunFaultServer nicely (#2119001)
|
- Rename session bus name to org.fedoraproject.sealert
|
||||||
|
- seapplet: wrap SEApplet() to try except
|
||||||
* Wed Jul 13 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-4
|
- util.py: Add doctext test for build_module_type_cache()
|
||||||
- Decrease setroubleshootd priority and limit RAM utilization to 1GB (#2064727)
|
|
||||||
- doc: Document performance related changes
|
|
||||||
|
|
||||||
* Fri Feb 25 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-3
|
|
||||||
- Update translations (#2017299)
|
|
||||||
|
|
||||||
* Fri Feb 11 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-2
|
|
||||||
- Improve after_first email filter behavior (#2050734)
|
|
||||||
|
|
||||||
* Fri Dec 10 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.26-1
|
|
||||||
- Revert "Replace pydbus with dasbus"
|
|
||||||
- Fix typos in --help, man pages and developer's guide (#2028226)
|
|
||||||
- Do not use Python slip package
|
|
||||||
- Stop SetroubleshootFixit after 10 seconds of inactivity
|
|
||||||
- Fix plugin exception reporting
|
|
||||||
- export alert dbus signal
|
|
||||||
- Make sure local_policy_package is not None
|
|
||||||
- sealert: add "Last Seen" column to alert list
|
|
||||||
|
|
||||||
* Mon Sep 27 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
|
|
||||||
- Update translations (#1962030)
|
|
||||||
|
|
||||||
* Tue Feb 02 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-3
|
|
||||||
- sealert: exit on any connection close (#1875290)
|
|
||||||
|
|
||||||
* Wed Jan 13 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-2
|
|
||||||
- Optimize get_rpm_nvr_by_type by adding a cache (#1794807)
|
|
||||||
- Stop building seappletlegacy (#1878792)
|
|
||||||
- Update translations
|
- Update translations
|
||||||
|
|
||||||
* Wed Aug 12 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-1
|
* Thu Mar 09 2023 Vit Mojzis <vmojzis@redhat.com> - 3.3.31-2
|
||||||
- Add 'fur' into shipped locales
|
- Update translations (#2139682)
|
||||||
- Update translations (#1820570)
|
|
||||||
- Log full reports with correct syslog identifier
|
|
||||||
- Cancel pending alarm during AVC analyses
|
|
||||||
|
|
||||||
* Mon Apr 27 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.23-1
|
* Wed Nov 23 2022 Petr Lautrbach <lautrbach@redhat.com> - 3.3.31-1
|
||||||
- browser: Check return value of Gdk.Screen().get_default() (#1574434)
|
- Add a screen reader label to the icon
|
||||||
- Improve and unify error messages (#1763982)
|
- seapplet: avoid ValueError when parsing sealert.conf
|
||||||
|
- doc: Document performance related changes
|
||||||
|
- Decrease setroubleshootd priority and limit RAM utilization to 1GB
|
||||||
|
- Use setup from setuptools
|
||||||
|
- Use `pip install` instead of `setup.py install`
|
||||||
|
|
||||||
|
* Tue Jun 28 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.30-1
|
||||||
|
- Miscellaneous python and build system changes
|
||||||
|
- Fix couple of typos
|
||||||
|
- Drop Python2 support
|
||||||
|
- Use inspect.signature() instead of instead.getargspec()
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Wed Mar 30 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.29-1
|
||||||
|
- Introduce email.use_sendmail option
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Wed Mar 09 2022 Vit Mojzis <vmojzis@redhat.com> - 3.3.28-3
|
||||||
|
- Update translations (#2017386)
|
||||||
|
|
||||||
|
* Tue Feb 8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-2
|
||||||
|
- Use %sysusers_create_compat instead of useradd
|
||||||
|
- Set right ownership on /var/lib/setroubleshoot
|
||||||
|
|
||||||
|
* Tue Feb 8 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.28-1
|
||||||
|
- Look for modules in /usr/share/selinux/packages
|
||||||
|
- Always use rpm source package for reporting
|
||||||
|
- Improve after_first email filter behavior
|
||||||
|
|
||||||
|
* Wed Jan 19 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-2
|
||||||
|
- Improve DSP module reporting
|
||||||
|
- Require initscripts-service - /sbin/service
|
||||||
|
|
||||||
|
* Thu Jan 13 2022 Petr Lautrbach <plautrba@redhat.com> - 3.3.27-1
|
||||||
|
- sedispatch: check read_size
|
||||||
|
- SafeConfigParser is deprecated and will be dropped
|
||||||
|
- Fix typos in --help, man pages and developer's guide
|
||||||
|
- Improve Python 3.10 compatibility
|
||||||
|
https://pagure.io/setroubleshoot/issue/58
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.26-5
|
||||||
|
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||||
|
Related: rhbz#1991688
|
||||||
|
|
||||||
|
* Fri Jul 16 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-4
|
||||||
|
- Improve sedispatch performance
|
||||||
|
|
||||||
|
* Fri Jul 2 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-3
|
||||||
|
- Fix file mode of email_alert_recipients
|
||||||
|
|
||||||
|
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 3.3.26-2
|
||||||
|
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
|
||||||
|
|
||||||
|
* Thu Apr 15 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.26-1
|
||||||
|
- Fix plugin exception reporting
|
||||||
|
- Update translations
|
||||||
|
- Stop SetroubleshootFixit after 10 seconds of inactivity
|
||||||
|
- Do not use Python slip package
|
||||||
|
|
||||||
|
* Wed Mar 10 2021 Petr Lautrbach <plautrba@redhat.com> - 3.3.25-1
|
||||||
|
- Use Python dasbus instead of pydbus
|
||||||
|
- Optimize get_rpm_nvr_by_type by adding a cache
|
||||||
|
- Update translations
|
||||||
|
|
||||||
|
* Tue Feb 02 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-4
|
||||||
|
- sealert: exit on any connection close
|
||||||
|
|
||||||
|
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.24-3
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||||
|
|
||||||
|
* Sat Jan 16 2021 Vit Mojzis <vmojzis@redhat.com> - 3.3.24-2
|
||||||
|
- framework/util: optimize get_rpm_nvr_by_type by adding a cache
|
||||||
|
- Stop building seappletlegacy
|
||||||
|
|
||||||
|
* Tue Oct 13 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.24-1
|
||||||
|
- Add 'fur' into shipped locales
|
||||||
|
- Update translations
|
||||||
|
- Log full reports with correct syslog identifier
|
||||||
|
- Cancel pending alarm during AVC analyses
|
||||||
|
|
||||||
|
* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.23-5
|
||||||
|
- Second attempt - Rebuilt for
|
||||||
|
https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.23-4
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jul 14 2020 Tom Stellard <tstellar@redhat.com> - 3.3.23-3
|
||||||
|
- Use make macros
|
||||||
|
- https://fedoraproject.org/wiki/Changes/UseMakeBuildInstallMacro
|
||||||
|
|
||||||
|
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 3.3.23-2
|
||||||
|
- Rebuilt for Python 3.9
|
||||||
|
|
||||||
|
* Tue Apr 21 2020 Vit Mojzis <vmojzis@redhat.com> - 3.3.23-1
|
||||||
|
- browser: Check return value of Gdk.Screen().get_default()
|
||||||
|
- Improve and unify error messages
|
||||||
- setroubleshoot.util: Catch exceptions from sepolicy import
|
- setroubleshoot.util: Catch exceptions from sepolicy import
|
||||||
- Add dpkg support
|
- Add dpkg support
|
||||||
- Do not refer to hardcoded selinux-policy rpm in signature
|
- Do not refer to hardcoded selinux-policy rpm in signature
|
||||||
- Make date/time format locale specific (#1812674)
|
- Make date/time format locale specific
|
||||||
- Improve speed of plugin evaluation (#1794807)
|
- Improve speed of plugin evaluation
|
||||||
- Do not try to report a bug on None package
|
|
||||||
- sealert: Drop unused import slib.dbus.service
|
* Wed Mar 4 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-6
|
||||||
- Drop updater.py - it's not used and doesn't work
|
- Do not try to report a bug on None package (#1809801)
|
||||||
|
|
||||||
|
* Fri Feb 28 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-5
|
||||||
- root user doesn't need to use SetroubleshootPrivileged API
|
- root user doesn't need to use SetroubleshootPrivileged API
|
||||||
- Use pydbus, a modern Python dbus API, for SetroubleshootPrivileged
|
|
||||||
- Report bug on a package which owns the related SELinux domain (#1811644)
|
* Thu Feb 27 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-4
|
||||||
|
- sealert to report a bug on a package which owns the related SELinux domain
|
||||||
https://pagure.io/setroubleshoot/issue/18
|
https://pagure.io/setroubleshoot/issue/18
|
||||||
- Add Local SELinux policy package version to analyses reports
|
|
||||||
- setroubleshoot.utils.get_rpm_nvr_by_scontext add option to use DBUS method
|
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.22-3
|
||||||
- Export setroubleshoot.utils.get_rpm_nvr_by_scontext via DBUS
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||||
- setroubleshoot.util: get_rpm_nvr_by_type() and get_rpm_nvr_by_scontext()
|
|
||||||
|
|
||||||
* Sat Jan 11 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-2
|
* Sat Jan 11 2020 Petr Lautrbach <plautrba@redhat.com> - 3.3.22-2
|
||||||
- Log plugin exception traceback when log level is DEBUG
|
- Log plugin exception traceback when log level is DEBUG
|
||||||
@ -283,30 +334,33 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
|||||||
- sepolicy.info() returns a generator, not a list (#1784564)
|
- sepolicy.info() returns a generator, not a list (#1784564)
|
||||||
|
|
||||||
* Wed Dec 11 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.21-1
|
* Wed Dec 11 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.21-1
|
||||||
- Use dbus.mainloop.glib.DBusGMainLoop() instead of dbus.glib
|
|
||||||
- Fix AVC.__typeMatch to handle aliases properly
|
- Fix AVC.__typeMatch to handle aliases properly
|
||||||
- Handle sockets with abstract path properly (#1775135)
|
- Handle sockets with abstract path properly (#1775135)
|
||||||
|
|
||||||
* Fri Aug 16 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.20-2
|
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 3.3.20-4
|
||||||
- Fix file mode of email_alert_recipients (#1741960)
|
- Rebuilt for Python 3.8.0rc1 (#1748018)
|
||||||
|
|
||||||
|
* Tue Aug 27 2019 Petr Lautrbach <plautrba@redhat.com> - 3.3.20-3
|
||||||
|
- Use dbus.mainloop.glib.DBusGMainLoop() instead of dbus.glib
|
||||||
|
|
||||||
|
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 3.3.20-2
|
||||||
|
- Rebuilt for Python 3.8
|
||||||
|
|
||||||
* Wed Jul 17 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.20-1
|
* Wed Jul 17 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.20-1
|
||||||
- Add man page for seapplet (#1612529)
|
|
||||||
|
|
||||||
* Tue May 14 2019 Vit Mojzis <vmojzis@redhat.com> - 3.3.19-2
|
|
||||||
- Update "missing" scripts to automake-1.15
|
- Update "missing" scripts to automake-1.15
|
||||||
- Add active polling for acquiring policy file
|
- Add active polling for acquiring policy file
|
||||||
- Fix translation of hex values in AVCs (#1477236, #1709742)
|
- Fix translation of hex values in AVCs
|
||||||
- require initscripts to ensure that "service" call works properly
|
- require initscripts to ensure that "service" call works properly
|
||||||
|
- Add man page for seapplet
|
||||||
|
- setroubleshoot-server: only require gobject-base
|
||||||
|
|
||||||
|
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.19-2
|
||||||
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||||
|
|
||||||
* Sat Dec 8 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.19-1
|
* Sat Dec 8 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.19-1
|
||||||
- Require plugins >= 3.3.10
|
- Require plugins >= 3.3.10
|
||||||
|
|
||||||
* Wed Dec 5 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-4
|
* Thu Nov 29 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-3
|
||||||
- Update translations
|
|
||||||
- Catch exceptions caused by lookup_signature
|
|
||||||
|
|
||||||
* Sat Dec 1 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-3.1
|
|
||||||
- Update scriptlets to reload auditd after install or uninstall
|
- Update scriptlets to reload auditd after install or uninstall
|
||||||
|
|
||||||
* Thu Sep 20 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-2
|
* Thu Sep 20 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.18-2
|
||||||
@ -317,8 +371,11 @@ chown -R setroubleshoot:setroubleshoot %{pkgvardatadir}
|
|||||||
- Move sedispatch.conf to /etc/audit/plugins.d/
|
- Move sedispatch.conf to /etc/audit/plugins.d/
|
||||||
- Fix summary and "if" text for AVCs with unknown target path
|
- Fix summary and "if" text for AVCs with unknown target path
|
||||||
|
|
||||||
* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 3.3.17-2
|
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.3.17-3
|
||||||
- Switch hardcoded python3 shebangs into the %%{__python3} macro
|
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||||
|
|
||||||
|
* Tue Jun 19 2018 Miro Hrončok <mhroncok@redhat.com> - 3.3.17-2
|
||||||
|
- Rebuilt for Python 3.7
|
||||||
|
|
||||||
* Mon Feb 26 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.17-1
|
* Mon Feb 26 2018 Petr Lautrbach <plautrba@redhat.com> - 3.3.17-1
|
||||||
- Set auto_save_interval to 5 (#1548913,#1523406,#1539180)
|
- Set auto_save_interval to 5 (#1548913,#1523406,#1539180)
|
||||||
@ -1991,3 +2048,4 @@ it has already been seen
|
|||||||
|
|
||||||
* Fri May 19 2006 John Dennis <jdennis@redhat.com> - 0.1-1
|
* Fri May 19 2006 John Dennis <jdennis@redhat.com> - 0.1-1
|
||||||
- Initial build.
|
- Initial build.
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user