rpms/setroubleshoot/F-7 .cvsignore, 1.73, 1.74 setroubleshoot.init, 1.9, 1.10 setroubleshoot.spec, 1.88, 1.89 sources, 1.84, 1.85
John Dennis (jdennis)
fedora-extras-commits at redhat.com
Wed Sep 26 22:08:41 UTC 2007
Author: jdennis
Update of /cvs/pkgs/rpms/setroubleshoot/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv22641/F-7
Modified Files:
.cvsignore setroubleshoot.init setroubleshoot.spec sources
Log Message:
update to latest upstream, fix requires for selinux-policy
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/setroubleshoot/F-7/.cvsignore,v
retrieving revision 1.73
retrieving revision 1.74
diff -u -r1.73 -r1.74
--- .cvsignore 23 Aug 2007 19:36:55 -0000 1.73
+++ .cvsignore 26 Sep 2007 22:08:09 -0000 1.74
@@ -1 +1 @@
-setroubleshoot-1.10.1.tar.gz
+setroubleshoot-1.10.6.tar.gz
Index: setroubleshoot.init
===================================================================
RCS file: /cvs/pkgs/rpms/setroubleshoot/F-7/setroubleshoot.init,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- setroubleshoot.init 15 Sep 2006 20:52:45 -0000 1.9
+++ setroubleshoot.init 26 Sep 2007 22:08:09 -0000 1.10
@@ -9,22 +9,49 @@
# config: /etc/setroubleshoot/setroubleshoot.cfg
# pidfile: /var/run/setroubleshoot.pid
#
+
+### BEGIN INIT INFO
+# Provides: lsb-setroubleshootd
+# Required-Start: $local_fs $syslog $network $named
+# Required-Stop: $local_fs $syslog $network $named
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start and stop SELinux Troubleshooting Daemon
+# Description: controls operation of the SELinux Troubleshooting Daemon
+# (setroubleshootd) which listens for SELinux AVC denial messages
+# analyzes it and provides a friendly interpretation.
+### END INIT INFO
+
# Return values according to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - insufficient privilege
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
+# 0 success
+# 1 generic or unspecified error (current practice)
+# 2 invalid or excess argument(s)
+# 3 unimplemented feature (for example, "reload")
+# 4 user had insufficient privilege
+# 5 program is not installed
+# 6 program is not configured
+# 7 program is not running
+
+# Command argument
+# start start the service
+# stop stop the service
+# restart stop and restart the service if the service is already running, otherwise start the service
+# try-restart restart the service if the service is already running
+# reload cause the configuration of the service to be reloaded without actually stopping and restarting the service
+# force-reload cause the configuration to be reloaded if the service supports this, otherwise restart the service if it is running
+# status print the current status of the service
+
+# start, stop, restart, force-reload, and status actions must be supported
+# reload and the try-restart actions are optional.
+# the init script.
+
+
PATH=/sbin:/bin:/usr/bin:/usr/sbin
# Source function library.
. /etc/init.d/functions
-
# Silently exit is SELinux is not enabled
[ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled || exit 1
@@ -44,6 +71,9 @@
if test $RETVAL = 0 ; then
touch /var/lock/subsys/$prog
fi
+ if test $RETVAL = 3 ; then
+ echo -n $"Cannot start $prog: SELinux not enabled"
+ fi
return $RETVAL
}
@@ -99,17 +129,17 @@
restart)
restart
;;
- reload)
+ force-reload|reload)
reload
;;
- condrestart)
+ try-restart|condrestart)
condrestart
;;
cleardb)
cleardb
;;
*)
- echo $"Usage: $0 {start|stop|status|restart|condrestart|reload|cleardb}"
+ echo $"Usage: $0 {start|stop|status|restart|try-restart|condrestart|reload|force-reload|cleardb}"
RETVAL=3
esac
Index: setroubleshoot.spec
===================================================================
RCS file: /cvs/pkgs/rpms/setroubleshoot/F-7/setroubleshoot.spec,v
retrieving revision 1.88
retrieving revision 1.89
diff -u -r1.88 -r1.89
--- setroubleshoot.spec 23 Aug 2007 19:36:55 -0000 1.88
+++ setroubleshoot.spec 26 Sep 2007 22:08:09 -0000 1.89
@@ -1,8 +1,8 @@
Summary: Helps troubleshoot SELinux problems
Name: setroubleshoot
-Version: 1.10.1
+Version: 1.10.6
Release: 1%{?dist}
-License: GPL
+License: GPLv2+
Group: Applications/System
URL: https://hosted.fedoraproject.org/projects/setroubleshoot
Source0: %{name}-%{version}.tar.gz
@@ -25,6 +25,8 @@
Requires(postun): /usr/bin/update-desktop-database
Requires(postun): dbus
Requires: notify-python
+%{?fc7: Requires: Requires: selinux-policy-base >= 2.6.4-45}
+%{?fc8: Requires: Requires: selinux-policy-base >= 3.0.7-10}
%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
@@ -146,8 +148,8 @@
%{pkgpythondir}/__init__.py*
%{pkgpythondir}/access_control.py*
%{pkgpythondir}/analyze.py*
+%{pkgpythondir}/audit_data.py*
%{pkgpythondir}/avc_audit.py*
-%{pkgpythondir}/avc_auparse.py*
%{pkgpythondir}/config.py*
%{pkgpythondir}/email_alert.py*
%{pkgpythondir}/errcode.py*
@@ -171,6 +173,133 @@
%attr(0755,root,root) /etc/rc.d/init.d/%{name}
%changelog
+* Wed Sep 26 2007 John Dennis <jdennis at redhat.com> - 1.10.6-1
+ - make selinx-policy requires in spec file specific to dist tag
+
+* Mon Sep 24 2007 John Dennis <jdennis at redhat.com> - 1.10.5-1
+ - update code for command line log file scanning to work with
+ new log file scanning code introduced for the browser.
+
+ - update Bulgarian translation (Doncho N. Gunchev (gunchev at gmail.com))
+
+ - update Polish translation (Piotr DrÄ…g (raven at pmail.pl))
+
+ - Resolves bug #239893: sealert wakes up very often
+ This was caused by the use of threads and pygtk's thread signal
+ handling. The only use of threads in sealert was for log file
+ scanning so that the UI would remain responsive during a
+ scan. Threads in sealert have now been completely
+ removed. Instead the scanning work is performed in a gobject idle
+ function called from the main loop. The idle function is written
+ as a python generator function which allows for the function to
+ perform a small amount of work, save it's execution state and
+ return. The next time the idle function is called from the main
+ loop it resumes execution from it's last state until it decides
+ to yield control again. This way the long running scan/analysis
+ can be performed in small successive units of work during the
+ time the application is otherwise idle and it does not interfere
+ with the rest of the GUI event processing. Everything now occurs
+ in an event loop, think of it as the applications process/thread
+ scheduler whose event handlers execute time slices.
+
+ - rewrote parts of the audit input pipeline to use generators
+ instead of callbacks, thus permitting the logfile scanning code
+ to yield control with more granularity. Also updated
+ test_setroubleshootd and audisp_listen to use the new
+ generator/yield logic.
+
+ - rewrote the dialog used for scanning log files, progress bar
+ updates are now in the dialog, the scan can be terminated part
+ way through, errors from the scan are reported in pop-up dialog,
+ one can only dismiss the dialog with success if the scan had
+ been successfully run to completion, otherwise the user is only
+ left with the option to cancel.
+
+ - Relates bug #252035 bug #247469, setroubleshootd and sealert should
+ exit if SELinux is disabled.
+
+ - add utility functions escape_html() and unescape_html()
+
+ - fix initial sort order in browser, track sort order in browser
+
+ - modify AVC.get_path() to only return a value if the 'path' field is
+ set, formerly it also considered the fields 'name' & 'file' which were
+ incorrect. get_path() now also looks to see if the string begins with a
+ slash for a fully qualified path, if not it looks to see if its a
+ pseudo path such as 'pipe[12345]' or 'socket[12345]' and if so strips out
+ the instance information inside the brackets and returns just the type of
+ the pseudo path. This is done because we do not want path information
+ in the signature to be unique for each instance of the denial.
+
+ - modify the TimeStamp class to hide it's internal datetime member,
+ remove the cmp() method, the internal __cmp__ will be automatically invoked.
+
+ - require selinux policy version in spec file to allow system dbus use
+
+ - Resolves bug #256601: audit2allow generates incorrect syntax when comma "," in
+ denied list
+
+ - update po i18n files
+
+ - Add support for pruning database by age and size
+
+
+* Sat Sep 8 2007 John Dennis <jdennis at redhat.com> - 1.10.4-1
+ - fix init script
+
+* Sat Sep 8 2007 John Dennis <jdennis at redhat.com> - 1.10.3-1
+ - modify avc_audit.py to use new audit_data.py implementation
+
+ - can listen for audit events on either /var/run/audit_events
+ in bindary protocol mode or /var/run/audisp_events in
+ text protocol mode
+
+* Thu Sep 6 2007 John Dennis <jdennis at redhat.com> - 1.10.2-1
+ - remove all copied code from test_setroubleshootd, now we import
+ from setroubleshoot
+
+ - export ClientConnectionHandler from rpc.py as a base class.
+ Derive SetroubleshootdClientConnectionHandler and
+ AuditClientConnectionHandler from ClientConnectionHandler.
+
+ - add audisp_listen as test program
+
+ - create setroubleshoot sym link in top devel directory pointing
+ to src so import setroubleshoot.foo if PYTHONPATH=topdir
+
+ - add get_option, convert_cfg_type to config.py.in so that one
+ can pass optional dict to override config file settings
+
+ - rewrite log_init() so it's easier for other programs to use it,
+ fix the import logic concering log & config
+
+ - remove log code from test_setroubleshoot, now just does import
+ from setroubleshoot.
+
+ - test_setroubleshootd can now handle audit records in both text
+ and binary formats, can be selected by command line arg. It can now
+ either output to clients connecting on a socket or to stdout. Can
+ now optionally exit after N socket client connections.
+
+ - remove non audit record lines from test data
+
+ - remove config_init() and log_init() from package __init__.py
+ It was the wrong place to call them, now call them when the
+ process initializes before the first setroubleshoot imports
+
+ - add parse_config_setting() and set_config() to config module
+ - setroubleshootd now accepts -c --config command line arg
+ - test_sectroubleshoot: add err defines & program_error exception
+ add is_valid() tests to assure we read a valid audit record
+ log the unrecognized line if not valid, clean up socket close()
+
+ - Relates Bug #247056, update initscript to LSB standards
+ Note: LSB initscripts in Fedora is not yet a resolved issue,
+ the changes implemented were to add an LSB block and support
+ the new LSB try-restart and force-reload commands. However
+ the new /lib/lsb/init-functions are NOT currently used as this
+ is the unstable part.
+
* Thu Aug 23 2007 John Dennis <jdennis at redhat.com> - 1.10.1-1
- add BuildRequires perl-XML-Parser
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/setroubleshoot/F-7/sources,v
retrieving revision 1.84
retrieving revision 1.85
diff -u -r1.84 -r1.85
--- sources 23 Aug 2007 19:36:55 -0000 1.84
+++ sources 26 Sep 2007 22:08:09 -0000 1.85
@@ -1 +1 @@
-a1a0c6f42c966485a10170cc7fcf6014 setroubleshoot-1.10.1.tar.gz
+3189248dedf6ff67a4a79ce61172b56b setroubleshoot-1.10.6.tar.gz
More information about the fedora-extras-commits
mailing list