From 5242f26ab29c7787a6071d10bf613e6b283512ef Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 24 Feb 2020 19:04:25 +0100 Subject: [PATCH] Export setroubleshoot.utils.get_rpm_nvr_by_scontext via DBUS $ dbus-send --system --print-reply --dest=org.fedoraproject.SetroubleshootPrivileged \ /org/fedoraproject/SetroubleshootPrivileged/object \ org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext \ string:"system_u:system_r:mysqld_log_t:s0" org.fedoraproject.SetroubleshootPrivileged is available only for `setroubleshoot` user and it's supposed to be a privileged helper which is used by `setroubleshootd` --- framework/Makefile.am | 7 ++- ...edoraproject.SetroubleshootPrivileged.conf | 20 +++++++ ...raproject.SetroubleshootPrivileged.service | 4 ++ framework/src/Makefile.am | 3 +- framework/src/SetroubleshootPrivileged.py | 57 +++++++++++++++++++ 5 files changed, 88 insertions(+), 3 deletions(-) create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.conf create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.service create mode 100644 framework/src/SetroubleshootPrivileged.py diff --git a/framework/Makefile.am b/framework/Makefile.am index 56a8b37fa037..f330b7c3e112 100644 --- a/framework/Makefile.am +++ b/framework/Makefile.am @@ -14,12 +14,15 @@ dbus_session_DATA = sealert.service dbus_systemservicedir = $(datadir)/dbus-1/system-services dbus_systemservice_DATA = \ org.fedoraproject.Setroubleshootd.service \ - org.fedoraproject.SetroubleshootFixit.service + org.fedoraproject.SetroubleshootFixit.service \ + org.fedoraproject.SetroubleshootPrivileged.service dbus_systemdir = $(sysconfdir)/dbus-1/system.d dbus_system_DATA = \ org.fedoraproject.Setroubleshootd.conf \ - org.fedoraproject.SetroubleshootFixit.conf + org.fedoraproject.SetroubleshootFixit.conf \ + org.fedoraproject.SetroubleshootPrivileged.conf + polkit_systemdir = $(datadir)/polkit-1/actions polkit_system_DATA = \ 
diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.conf b/framework/org.fedoraproject.SetroubleshootPrivileged.conf new file mode 100644 index 000000000000..aaa0a0f661d3 --- /dev/null +++ b/framework/org.fedoraproject.SetroubleshootPrivileged.conf @@ -0,0 +1,20 @@ + + + + + + + + + + + + + + + + diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.service b/framework/org.fedoraproject.SetroubleshootPrivileged.service new file mode 100644 index 000000000000..7a454589a31d --- /dev/null +++ b/framework/org.fedoraproject.SetroubleshootPrivileged.service @@ -0,0 +1,4 @@ +[D-BUS Service] +Name=org.fedoraproject.SetroubleshootPrivileged +Exec=/usr/share/setroubleshoot/SetroubleshootPrivileged.py +User=root diff --git a/framework/src/Makefile.am b/framework/src/Makefile.am index e1782d585e8d..bf53763b3084 100644 --- a/framework/src/Makefile.am +++ b/framework/src/Makefile.am @@ -38,7 +38,8 @@ pkglibexec_SCRIPTS = \ pkgdir = $(datarootdir)/setroubleshoot pkg_SCRIPTS = \ SetroubleshootFixit.py \ - updater.py + updater.py \ + SetroubleshootPrivileged.py pkgconfig_DATA = \ setroubleshoot.conf \ diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py new file mode 100644 index 000000000000..858115bbe5ae --- /dev/null +++ b/framework/src/SetroubleshootPrivileged.py 
@@ -0,0 +1,57 @@
+#!/usr/bin/python3
+
+# Authors: Petr Lautrbach
+#
+# Copyright (C) 2020 Red Hat, Inc.
+
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+import dbus
+import dbus.service
+from dbus.mainloop.glib import DBusGMainLoop
+from gi.repository import GLib
+import setroubleshoot.util
+import signal
+
+DBusGMainLoop(set_as_default=True)
+
+class Privileged(dbus.service.Object):
+
+ def __init__(self, timeout=10):
+ self.timeout = timeout
+ self.alarm(self.timeout)
+
+ bus = dbus.SystemBus()
+ bus.request_name("org.fedoraproject.SetroubleshootPrivileged")
+ bus_name = dbus.service.BusName("org.fedoraproject.SetroubleshootPrivileged", bus=bus)
+ dbus.service.Object.__init__(self, bus_name, "/org/fedoraproject/SetroubleshootPrivileged/object")
+
+ def alarm(self, timeout=10):
+ signal.alarm(timeout)
+
+ @dbus.service.method("org.fedoraproject.SetroubleshootPrivileged", in_signature='s', out_signature='s')
+ def get_rpm_nvr_by_scontext(self, scontext):
+ signal.alarm(self.timeout)
+ rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
+ if rpmnvr is None:
+ return ""
+
+ return rpmnvr
+
+if __name__ == "__main__":
+ privileged = Privileged()
+
+ loop = GLib.MainLoop()
+ loop.run()
-- 2.25.1
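Review bot: `get_rpm_nvr_by_scontext` passes the caller-supplied `scontext` straight to `setroubleshoot.util.get_rpm_nvr_by_scontext` inside a process that the service file starts as root, so the only access control is the bus policy in `org.fedoraproject.SetroubleshootPrivileged.conf`, whose rules are not readable in this view. A cheap shape check before the call would keep malformed strings out of the root-side lookup, for example `if len(scontext.split(":")) < 3: return ""`, together with a docstring stating that the bus policy is what restricts callers to the `setroubleshoot` user. How the helper uses the string is outside this hunk, so the exact rule should be confirmed against it. Separately, no SIGALRM handler is installed, so the idle timer ends the process through the default signal action, and a lookup that runs longer than `timeout` seconds is killed before it can reply. A `GLib.timeout_add_seconds` callback that calls `loop.quit()` only when no request is in flight would let the service exit cleanly.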