e2dfff1666
- sealert to report a bug on a package which owns the related SELinux domain https://pagure.io/setroubleshoot/issue/18
From 5242f26ab29c7787a6071d10bf613e6b283512ef Mon Sep 17 00:00:00 2001
|
|
From: Petr Lautrbach <plautrba@redhat.com>
|
|
Date: Mon, 24 Feb 2020 19:04:25 +0100
|
|
Subject: [PATCH] Export setroubleshoot.utils.get_rpm_nvr_by_scontext via DBUS
|
|
|
|
$ dbus-send --system --print-reply --dest=org.fedoraproject.SetroubleshootPrivileged \
|
|
/org/fedoraproject/SetroubleshootPrivileged/object \
|
|
org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext \
|
|
string:"system_u:system_r:mysqld_log_t:s0"
|
|
|
|
org.fedoraproject.SetroubleshootPrivileged is available only for
|
|
`setroubleshoot` user and it's supposed to be a privileged helper which is used
|
|
by `setroubleshootd`
|
|
---
|
|
framework/Makefile.am | 7 ++-
|
|
...edoraproject.SetroubleshootPrivileged.conf | 20 +++++++
|
|
...raproject.SetroubleshootPrivileged.service | 4 ++
|
|
framework/src/Makefile.am | 3 +-
|
|
framework/src/SetroubleshootPrivileged.py | 57 +++++++++++++++++++
|
|
5 files changed, 88 insertions(+), 3 deletions(-)
|
|
create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.conf
|
|
create mode 100644 framework/org.fedoraproject.SetroubleshootPrivileged.service
|
|
create mode 100644 framework/src/SetroubleshootPrivileged.py
|
|
|
|
diff --git a/framework/Makefile.am b/framework/Makefile.am
|
|
index 56a8b37fa037..f330b7c3e112 100644
|
|
--- a/framework/Makefile.am
|
|
+++ b/framework/Makefile.am
|
|
@@ -14,12 +14,15 @@ dbus_session_DATA = sealert.service
|
|
dbus_systemservicedir = $(datadir)/dbus-1/system-services
|
|
dbus_systemservice_DATA = \
|
|
org.fedoraproject.Setroubleshootd.service \
|
|
- org.fedoraproject.SetroubleshootFixit.service
|
|
+ org.fedoraproject.SetroubleshootFixit.service \
|
|
+ org.fedoraproject.SetroubleshootPrivileged.service
|
|
|
|
dbus_systemdir = $(sysconfdir)/dbus-1/system.d
|
|
dbus_system_DATA = \
|
|
org.fedoraproject.Setroubleshootd.conf \
|
|
- org.fedoraproject.SetroubleshootFixit.conf
|
|
+ org.fedoraproject.SetroubleshootFixit.conf \
|
|
+ org.fedoraproject.SetroubleshootPrivileged.conf
|
|
+
|
|
|
|
polkit_systemdir = $(datadir)/polkit-1/actions
|
|
polkit_system_DATA = \
|
|
diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.conf b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
|
|
new file mode 100644
|
|
index 000000000000..aaa0a0f661d3
|
|
--- /dev/null
|
|
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.conf
|
|
@@ -0,0 +1,20 @@
|
|
+<?xml version="1.0" encoding="UTF-8"?> <!-- -*- XML -*- -->
|
|
+
|
|
+<!DOCTYPE busconfig PUBLIC
|
|
+ "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
|
|
+ "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
|
|
+<busconfig>
|
|
+
|
|
+ <!-- Only root can own the service -->
|
|
+ <policy user="root">
|
|
+ <allow own="org.fedoraproject.SetroubleshootPrivileged"/>
|
|
+ </policy>
|
|
+
|
|
+ <policy user="setroubleshoot">
|
|
+ <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
|
|
+ send_interface="org.fedoraproject.SetroubleshootPrivileged"/>
|
|
+ <allow send_destination="org.fedoraproject.SetroubleshootPrivileged"
|
|
+ send_interface="org.freedesktop.DBus.Introspectable"/>
|
|
+ </policy>
|
|
+
|
|
+</busconfig>
|
|
diff --git a/framework/org.fedoraproject.SetroubleshootPrivileged.service b/framework/org.fedoraproject.SetroubleshootPrivileged.service
|
|
new file mode 100644
|
|
index 000000000000..7a454589a31d
|
|
--- /dev/null
|
|
+++ b/framework/org.fedoraproject.SetroubleshootPrivileged.service
|
|
@@ -0,0 +1,4 @@
|
|
+[D-BUS Service]
|
|
+Name=org.fedoraproject.SetroubleshootPrivileged
|
|
+Exec=/usr/share/setroubleshoot/SetroubleshootPrivileged.py
|
|
+User=root
|
|
diff --git a/framework/src/Makefile.am b/framework/src/Makefile.am
|
|
index e1782d585e8d..bf53763b3084 100644
|
|
--- a/framework/src/Makefile.am
|
|
+++ b/framework/src/Makefile.am
|
|
@@ -38,7 +38,8 @@ pkglibexec_SCRIPTS = \
|
|
pkgdir = $(datarootdir)/setroubleshoot
|
|
pkg_SCRIPTS = \
|
|
SetroubleshootFixit.py \
|
|
- updater.py
|
|
+ updater.py \
|
|
+ SetroubleshootPrivileged.py
|
|
|
|
pkgconfig_DATA = \
|
|
setroubleshoot.conf \
|
|
diff --git a/framework/src/SetroubleshootPrivileged.py b/framework/src/SetroubleshootPrivileged.py
|
|
new file mode 100644
|
|
index 000000000000..858115bbe5ae
|
|
--- /dev/null
|
|
+++ b/framework/src/SetroubleshootPrivileged.py
|
|
@@ -0,0 +1,57 @@
|
|
+#!/usr/bin/python3
|
|
+
|
|
+# Authors: Petr Lautrbach <plautrba@redhat.com>
|
|
+#
|
|
+# Copyright (C) 2020 Red Hat, Inc.
|
|
+
|
|
+# This program is free software; you can redistribute it and/or modify
|
|
+# it under the terms of the GNU General Public License as published by
|
|
+# the Free Software Foundation; either version 2 of the License, or
|
|
+# (at your option) any later version.
|
|
+#
|
|
+# This program is distributed in the hope that it will be useful,
|
|
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
+# GNU General Public License for more details.
|
|
+#
|
|
+# You should have received a copy of the GNU General Public License along
|
|
+# with this program; if not, write to the Free Software Foundation, Inc.,
|
|
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
+
|
|
+import dbus
|
|
+import dbus.service
|
|
+from dbus.mainloop.glib import DBusGMainLoop
|
|
+from gi.repository import GLib
|
|
+import setroubleshoot.util
|
|
+import signal
|
|
+
|
|
+DBusGMainLoop(set_as_default=True)
|
|
+
|
|
+class Privileged(dbus.service.Object):
|
|
+
|
|
+ def __init__(self, timeout=10):
|
|
+ self.timeout = timeout
|
|
+ self.alarm(self.timeout)
|
|
+
|
|
+ bus = dbus.SystemBus()
|
|
+ bus.request_name("org.fedoraproject.SetroubleshootPrivileged")
|
|
+ bus_name = dbus.service.BusName("org.fedoraproject.SetroubleshootPrivileged", bus=bus)
|
|
+ dbus.service.Object.__init__(self, bus_name, "/org/fedoraproject/SetroubleshootPrivileged/object")
|
|
+
|
|
+ def alarm(self, timeout=10):
|
|
+ signal.alarm(timeout)
|
|
+
|
|
+ @dbus.service.method("org.fedoraproject.SetroubleshootPrivileged", in_signature='s', out_signature='s')
|
|
+ def get_rpm_nvr_by_scontext(self, scontext):
|
|
+ signal.alarm(self.timeout)
|
|
+ rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
|
|
+ if rpmnvr is None:
|
|
+ return ""
|
|
+
|
|
+ return rpmnvr
|
|
+
|
|
+if __name__ == "__main__":
|
|
+ privileged = Privileged()
|
|
+
|
|
+ loop = GLib.MainLoop()
|
|
+ loop.run()
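Review bot: `get_rpm_nvr_by_scontext` hands the caller's `scontext` string straight to `setroubleshoot.util.get_rpm_nvr_by_scontext` while running as root (the .service file sets `User=root`), so the only barrier between a D-Bus caller and that lookup is the `setroubleshoot` policy in the .conf file. The util function's body is not part of this patch, so whether it tolerates arbitrary strings cannot be checked here; rejecting anything not shaped like `user:role:type[:level]` before the call would keep the helper safe however that function evolves. The same method re-arms `signal.alarm(self.timeout)` on entry and no SIGALRM handler is installed anywhere in the file, so a lookup that runs longer than the timeout terminates the process before a reply is sent; re-arming the idle timer in a `finally` after the lookup avoids that. A docstring on the method stating that it is reachable from the system bus and runs privileged would also help.

```python
    @dbus.service.method("org.fedoraproject.SetroubleshootPrivileged", in_signature='s', out_signature='s')
    def get_rpm_nvr_by_scontext(self, scontext):
        # Suspend the idle timer while a request is being served.
        signal.alarm(0)
        try:
            # A context is user:role:type[:level]; refuse anything else
            # before it reaches code running as root.
            if scontext.count(":") < 2:
                return ""
            rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
            return "" if rpmnvr is None else rpmnvr
        finally:
            # Restart the idle countdown only once the reply is ready.
            signal.alarm(self.timeout)
```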
|
|
--
|
|
2.25.1
|
|
|