e2dfff1666
- sealert to report a bug on a package which owns the related SELinux domain https://pagure.io/setroubleshoot/issue/18
61 lines
3.4 KiB
Diff
61 lines
3.4 KiB
Diff
From 74926ff27b35329819d74ea53eef2aff376cc6e1 Mon Sep 17 00:00:00 2001
|
|
From: Petr Lautrbach <plautrba@redhat.com>
|
|
Date: Tue, 25 Feb 2020 10:36:06 +0100
|
|
Subject: [PATCH] Add Local SELinux policy package version to analyses reports
|
|
|
|
Sometimes a SELinux domain is shipped by other than selinux-policy packages. In
|
|
this case it's useful to report other package policy version together with
|
|
selinux-policy version, e.g. for the following AVC:
|
|
|
|
type=AVC msg=audit(1582621541.469:6896): avc: denied { write } for pid=1627505 comm="python3" name="plautrba" dev="dm-4" ino=19529729 scontext=system_u:system_r:mysqld_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=1
|
|
|
|
a report will contain the following lines:
|
|
|
|
SELinux Policy RPM selinux-policy-3.14.5-24.fc32.1.contrib.50770ffc2a14.noarch
|
|
Local Policy RPM mysql-selinux-1.0.0-9.fc32.noarch
|
|
---
|
|
framework/src/setroubleshoot/signature.py | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/framework/src/setroubleshoot/signature.py b/framework/src/setroubleshoot/signature.py
|
|
index 711c2875f5a4..7287eec8af61 100755
|
|
--- a/framework/src/setroubleshoot/signature.py
|
|
+++ b/framework/src/setroubleshoot/signature.py
|
|
@@ -120,6 +120,7 @@ class SEEnvironment(XmlSerialize):
|
|
'kernel': {'XMLForm': 'element'},
|
|
'policy_type': {'XMLForm': 'element'},
|
|
'policy_rpm': {'XMLForm': 'element'},
|
|
+ 'local_policy_rpm': {'XMLForm': 'element'},
|
|
'enforce': {'XMLForm': 'element'},
|
|
'selinux_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
|
|
'selinux_mls_enabled': {'XMLForm': 'element', 'import_typecast': boolean, },
|
|
@@ -141,6 +142,7 @@ class SEEnvironment(XmlSerialize):
|
|
self.platform, self.kernel = get_os_environment()
|
|
self.policy_type = selinux.selinux_getpolicytype()[1]
|
|
self.policy_rpm = get_rpm_nvr_by_name("selinux-policy")
|
|
+ self.local_policy_rpm = self.policy_rpm
|
|
self.policyvers = str(selinux.security_policyvers())
|
|
enforce = selinux.security_getenforce()
|
|
if enforce == 0:
|
|
@@ -312,6 +314,7 @@ class SEFaultSignatureInfo(XmlSerialize):
|
|
setattr(self, k, v)
|
|
self.report_count = 1
|
|
self.plugin_list = []
|
|
+ self.environment.local_policy_rpm = get_rpm_nvr_by_scontext(self.scontext, use_dbus=True)
|
|
|
|
def update_merge(self, siginfo):
|
|
if siginfo.last_seen_date != self.last_seen_date:
|
|
@@ -524,7 +527,8 @@ class SEFaultSignatureInfo(XmlSerialize):
|
|
text += format_2_column_name_value(_("Host"), default_text(self.sig.host))
|
|
text += format_2_column_name_value(_("Source RPM Packages"), default_text(self.format_rpm_list(self.src_rpm_list)))
|
|
text += format_2_column_name_value(_("Target RPM Packages"), default_text(self.format_rpm_list(self.tgt_rpm_list)))
|
|
- text += format_2_column_name_value(_("Policy RPM"), default_text(env.policy_rpm))
|
|
+ text += format_2_column_name_value(_("SELinux Policy RPM"), default_text(env.policy_rpm))
|
|
+ text += format_2_column_name_value(_("Local Policy RPM"), default_text(env.local_policy_rpm))
|
|
text += format_2_column_name_value(_("Selinux Enabled"), default_text(env.selinux_enabled))
|
|
text += format_2_column_name_value(_("Policy Type"), default_text(env.policy_type))
|
|
text += format_2_column_name_value(_("Enforcing Mode"), default_text(env.enforce))
|
|
--
|
|
2.25.1
|
|
|