On 07/10/17 at 17:03, Laurent Bigonville wrote:
On Fri, 22 Sep 2017 12:26:42 +0200 Laurent Bigonville <bi...@debian.org> wrote:
[...]
3. If you don't want to shell out, you could use the python selinux
    module to retrieve and display the information (see my little
    example attached). There is however no guarantee that the
    python-selinux module is installed if selinux is enabled though.
    That means that reportbug will have to Depends/Recommends it. IMHO
    this is the most flexible way.
[...]

I would probably go for 3 if depending on the module is OK and we just add
one line telling: "LMS: SELinux: enabled - enforcing/permissive - Policy
name: foo"
Here is a patch that implements the SELinux part


Please find here the version 2 of my patch.
>From 98597ae08f955b368a65e20343f8056a1ecf6e1c Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bi...@debian.org>
Date: Sat, 7 Oct 2017 16:59:01 +0200
Subject: [PATCH] Add SELinux status in the bug reports

This is the first step to add LSM information in the bug reports
---
 debian/control         |  1 +
 reportbug/bugreport.py |  3 +++
 reportbug/utils.py     | 28 ++++++++++++++++++++++++++++
 3 files changed, 32 insertions(+)

diff --git a/debian/control b/debian/control
index 9afcc7d..800588a 100644
--- a/debian/control
+++ b/debian/control
@@ -37,6 +37,7 @@ Package: python3-reportbug
 Section: python
 Architecture: all
 Depends: ${misc:Depends}, ${python3:Depends}, apt, python3-debian, python3-debianbts (>= 1.13), file, python3-requests
+Recommends: python3-selinux
 Suggests: reportbug
 Description: Python modules for interacting with bug tracking systems
  reportbug is a tool designed to make the reporting of bugs in Debian
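Review bot: The commit message does not say why `Recommends: python3-selinux` was chosen over Suggests for python3-reportbug. Recommends are installed by default, so every installation pulls in the SELinux bindings whether or not SELinux is in use, while utils.py already tolerates a missing module through its try/except ImportError. Please record the trade-off in the commit message: bindings installed everywhere versus a missing LSM line on SELinux hosts that skip Recommends.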
diff --git a/reportbug/bugreport.py b/reportbug/bugreport.py
index ea835fa..e178a1a 100644
--- a/reportbug/bugreport.py
+++ b/reportbug/bugreport.py
@@ -82,6 +82,7 @@ class bugreport(object):
         debinfo = ''
         shellpath = utils.realpath('/bin/sh')
         init = utils.get_init_system()
+        lsminfo = utils.get_lsm_info()
 
         locinfo = []
         langsetting = os.environ.get('LANG', 'C')
@@ -177,6 +178,8 @@ class bugreport(object):
             debinfo += 'Shell: /bin/sh linked to %s\n' % shellpath
         if init:
             debinfo += 'Init: %s\n' % init
+        if lsminfo:
+            debinfo += 'LSM: %s\n' % lsminfo
 
         # Don't include system info for certain packages
         if self.sysinfo:
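Review bot: With `if lsminfo:` the LSM line is omitted whenever get_lsm_info() returns None, and that function returns None both when SELinux is disabled and when the selinux module could not be imported. Someone triaging the report cannot tell "SELinux is off" from "state could not be determined". Consider emitting an explicit line for the second case (for example one saying the state is unknown because the Python bindings are missing), or document that an absent LSM line is ambiguous.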
diff --git a/reportbug/utils.py b/reportbug/utils.py
index 8139668..d1c9516 100644
--- a/reportbug/utils.py
+++ b/reportbug/utils.py
@@ -43,6 +43,12 @@ import pipes
 from .urlutils import open_url
 from string import ascii_letters, digits
 
+try:
+    import selinux
+    selinux_module = True
+except ImportError:
+    selinux_module = False
+
 # Paths for dpkg
 DPKGLIB = '/var/lib/dpkg'
 AVAILDB = os.path.join(DPKGLIB, 'available')
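Review bot: The module-level flag `selinux_module` reads like a reference to the module object rather than a boolean, which makes the later `if selinux_module:` test easy to misread. A name such as `have_selinux` would state the intent. Catching only ImportError is the right scope for this guard.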
@@ -1304,3 +1310,25 @@ def get_init_system():
         init = 'sysvinit (via /sbin/init)'
 
     return init
+
+def get_lsm_info():
+    """Determines the linux security module enabled on the current machine
+
+    Returns None if there is no LSM enabled on the machine or if the state
+    cannot be determined."""
+
+    lsminfo = None
+    if selinux_module:
+        is_selinux_enabled = selinux.is_selinux_enabled()
+        if (is_selinux_enabled == 1):
+            lsminfo = 'SELinux: enabled - '
+            is_selinux_enforce = selinux.security_getenforce()
+            if (is_selinux_enforce == 0):
+                lsminfo += 'Mode: permissive - '
+            elif (is_selinux_enforce == 1):
+                lsminfo += 'Mode: enforcing - '
+            else:
+                lsminfo += 'Mode: unknown - '
+            lsminfo += 'Policy name: %s' % os.path.basename(selinux.selinux_policy_root())
+
+    return lsminfo
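Review bot: get_lsm_info() has no error handling around its three selinux calls, and bugreport.py calls it unconditionally while building the report header, so an exception raised by security_getenforce() or selinux_policy_root() would abort report generation instead of producing the None the docstring promises for an undeterminable state. Wrap the body in a try/except that falls back to None or to an "unknown" string. Also check the value returned by selinux.selinux_policy_root() before handing it to os.path.basename(), which returns an empty string for a path ending in '/' and raises on None. Finally, the docstring describes the Linux security module in general while only SELinux is probed; state that limitation, since the commit message calls this a first step.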
-- 
2.14.2
