Package: cruft
Version: 0.9.29

Running cruft on a test vm with SELinux creates some noise.
I created some filters and explain scripts under the guideline: filters contain paths which may be present on the system, and paths from the explain scripts must be present.
In addition, I ignored the two kernel pseudo filesystems selinuxfs and tracefs in the common_legacy script.

policycoreutils.explain
===========================================
#!/bin/sh

echo /etc/selinux/config
echo /usr/sbin/load_policy
===========================================

selinux-policy-default.explain
===========================================
#!/usr/bin/env python3

import re
import subprocess

print('/etc/selinux/default/contexts/files/file_contexts')
print('/etc/selinux/default/contexts/files/file_contexts.bin')
print('/etc/selinux/default/contexts/files/file_contexts.homedirs')
print('/etc/selinux/default/contexts/files/file_contexts.homedirs.bin')
print('/etc/selinux/default/seusers')
# The binary policy file is suffixed with the kernel's policy version.
print('/etc/selinux/default/policy/policy.' + str(open('/sys/fs/selinux/policyvers', 'r').readline()))

# Columns: priority, module name, language extension, optional "disabled" marker.
pattern = re.compile(r'^(\d+)\s+([a-z0-9_]+)\s+(pp|cil)\s*(disabled)?$')

cp = subprocess.run(['/usr/sbin/semodule', '--list-modules=full', '--store', 'default'],
                    stdout=subprocess.PIPE, stderr=subprocess.STDOUT,
                    universal_newlines=True, check=True)
for line in cp.stdout.splitlines():
    m = re.match(pattern, line)
    if m:
        priority = m.group(1)
        module = m.group(2)
        # group(4) is None when the optional "disabled" column is absent.
        disabled = m.group(4) == 'disabled'
        print('/var/lib/selinux/default/active/modules/' + priority)
        print('/var/lib/selinux/default/active/modules/' + priority + '/' + module)
        print('/var/lib/selinux/default/active/modules/' + priority + '/' + module + '/hll')
        print('/var/lib/selinux/default/active/modules/' + priority + '/' + module + '/cil')
        print('/var/lib/selinux/default/active/modules/' + priority + '/' + module + '/lang_ext')
        if disabled:
            print('/var/lib/selinux/default/active/modules/disabled/' + module)

print('/var/lib/selinux/default/active')
print('/var/lib/selinux/default/active/booleans.local')
print('/var/lib/selinux/default/active/commit_num')
print('/var/lib/selinux/default/active/file_contexts')
print('/var/lib/selinux/default/active/homedir_template')
print('/var/lib/selinux/default/active/modules')
print('/var/lib/selinux/default/active/modules/100')
print('/var/lib/selinux/default/active/modules/disabled')
print('/var/lib/selinux/default/active/policy.kern')
print('/var/lib/selinux/default/active/seusers')
print('/var/lib/selinux/default/active/seusers.local')
print('/var/lib/selinux/default/active/users_extra')
print('/var/lib/selinux/default/semanage.read.LOCK')
print('/var/lib/selinux/default/semanage.trans.LOCK')
===========================================

selinux-policy-dev.explain
===========================================
#!/bin/bash

echo /var/lib/sepolgen/interface_info
===========================================

apt-listchanges.filter
===========================================
/usr/share/apt-listchanges/__pycache__
/usr/share/apt-listchanges/__pycache__/*.pyc
/var/lib/apt/listchanges.db
===========================================

auditd.filter
===========================================
/etc/audit/audit.rules
/etc/audit/audit.rules.prev
/var/log/audit/audit.log*
===========================================

policycoreutils.filter
===========================================
/var/lib/selinux/final
/var/lib/selinux/tmp
===========================================

selinux-basics.filter
===========================================
/usr/share/selinux-basics/tests/__pycache__
/usr/share/selinux-basics/tests/__pycache__/*.pyc
===========================================

With these changes the report looks like:

cruft report: Sat Jan 7 15:19:01 CET 2017
---- missing: dpkg ----
# I do not know why they are missing, reinstalling libglib2.0-0 does not help
    /usr/lib/x86_64-linux-gnu/gio
    /usr/lib/x86_64-linux-gnu/gio/modules
---- unexplained: / ----
# I think these two are from the installation process?
    /etc/apt/apt.conf.d/00CDMountPoint
    /etc/apt/apt.conf.d/00trustcdrom
# my custom configuration files
    /etc/apt/apt.conf.d/01aptcacher
    /etc/apt/apt.conf.d/10periodic
# apt listchanges conf, should be handled by explain script?
    /etc/apt/listchanges.conf
# custom configuration file
    /etc/tmpfiles.d/x11.conf
# do not know what to do about these two
    /tmp/systemd-private-7b3b2461cf5840c8986a3827beef6b31-systemd-timesyncd.service-l1BCT8
    /tmp/systemd-private-7b3b2461cf5840c8986a3827beef6b31-systemd-timesyncd.service-l1BCT8/tmp
# stamp file from apt.daily script, should be handled by filter?
    /var/lib/apt/periodic/clean-stamp
---- broken symlinks: / ----
# gcc bugs?
# root@debianSE:/etc/cruft/explain# ll /usr/share/man/man1/gcc*
# lrwxrwxrwx. 1 root root system_u:object_r:man_t:s0 13 Nov 18 14:33 /usr/share/man/man1/gcc-ar.1.gz -> gcc-ar-6.1.gz
# lrwxrwxrwx. 1 root root system_u:object_r:man_t:s0 13 Nov 18 14:33 /usr/share/man/man1/gcc-nm.1.gz -> gcc-nm-6.1.gz
# lrwxrwxrwx. 1 root root system_u:object_r:man_t:s0 17 Nov 18 14:33 /usr/share/man/man1/gcc-ranlib.1.gz -> gcc-ranlib-6.1.gz
# root@debianSE:/etc/cruft/explain# ll /usr/share/man/man1/x86_64-linux-gnu-gcc*
# -rw-r--r--. 1 root root system_u:object_r:man_t:s0 269 Dec 31 06:10 /usr/share/man/man1/x86_64-linux-gnu-gcc-ar-6.1.gz
# lrwxrwxrwx. 1 root root system_u:object_r:man_t:s0 13 Nov 18 14:33 /usr/share/man/man1/x86_64-linux-gnu-gcc-ar.1.gz -> gcc-ar-6.1.gz
# -rw-r--r--. 1 root root system_u:object_r:man_t:s0 269 Dec 31 06:10 /usr/share/man/man1/x86_64-linux-gnu-gcc-nm-6.1.gz
# lrwxrwxrwx. 1 root root system_u:object_r:man_t:s0 13 Nov 18 14:33 /usr/share/man/man1/x86_64-linux-gnu-gcc-nm.1.gz -> gcc-nm-6.1.gz
# -rw-r--r--. 1 root root system_u:object_r:man_t:s0 274 Dec 31 06:10 /usr/share/man/man1/x86_64-linux-gnu-gcc-ranlib-6.1.gz
# lrwxrwxrwx. 1 root root system_u:object_r:man_t:s0 17 Nov 18 14:33 /usr/share/man/man1/x86_64-linux-gnu-gcc-ranlib.1.gz -> gcc-ranlib-6.1.gz
    /usr/share/man/man1/gcc-ar.1.gz
    /usr/share/man/man1/x86_64-linux-gnu-gcc-ranlib.1.gz
    /usr/share/man/man1/gcc-ranlib.1.gz
    /usr/share/man/man1/x86_64-linux-gnu-gcc-nm.1.gz
    /usr/share/man/man1/gcc-nm.1.gz
    /usr/share/man/man1/x86_64-linux-gnu-gcc-ar.1.gz
# link to ../proc/self/mounts
    /etc/mtab
end.

Best regards,
Christian Göttsche
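
Added example, not part of the original report and not cruft's own code: a small model of the filter/explain distinction described in the message, showing how a path ends up under "unexplained" or "missing". The classify() function and the sample of found paths are hypothetical, and fnmatch only approximates cruft's own pattern matching.

```python
from fnmatch import fnmatchcase

# Entries copied from auditd.filter and policycoreutils.filter in the report.
FILTERS = [
    "/etc/audit/audit.rules",
    "/etc/audit/audit.rules.prev",
    "/var/log/audit/audit.log*",
    "/var/lib/selinux/final",
    "/var/lib/selinux/tmp",
]
# Paths echoed by policycoreutils.explain in the report.
EXPLAINED = {"/etc/selinux/config", "/usr/sbin/load_policy"}


def classify(found, explained=EXPLAINED, filters=FILTERS):
    """Return (unexplained, missing) for the paths found on disk.

    Assumption: filter globs are matched with fnmatch, which only
    approximates the matcher cruft itself uses.
    """
    found = set(found)
    explained = set(explained)

    def is_filtered(path):
        return any(fnmatchcase(path, pattern) for pattern in filters)

    # Present, but neither explained nor filtered: reported as unexplained.
    unexplained = sorted(p for p in found - explained if not is_filtered(p))
    # Explained paths must exist; a filtered path may be absent silently.
    missing = sorted(explained - found)
    return unexplained, missing


# Constructed sample of paths on disk (not taken from a real scan).
SAMPLE_FOUND = [
    "/etc/selinux/config",
    "/etc/audit/audit.rules",
    "/var/log/audit/audit.log.1",
    "/etc/tmpfiles.d/x11.conf",
]

if __name__ == "__main__":
    unexplained, missing = classify(SAMPLE_FOUND)
    print("unexplained:", unexplained)
    print("missing:", missing)
```

For a file-integrity review the asymmetry matters: a filter entry silences a path whether or not it exists, so broad globs in filters hide unexpected files, while an explain entry also flags the expected file when it disappears.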