On 26/10/17 at 19:17, intrigeri wrote:
intrigeri:
I'm attaching the equivalent for AppArmor.
Here's a cleaned up v2 (my initial patch had leftovers from a previous
version that included the output of aa-enabled; now that I've stopped
doing it I could simplify the code a bit).
Thanks a lot to Christian Boltz for catching this and
suggesting --quiet!
Oh, you are using aa-enabled and not a Python module instead.
I've done another version of my patch that uses selinuxenabled and
getenforce tools (which are in a package installed in 99% of the cases
when using selinux).
This is a bit less elegant, but it seems to do the job and it has the
advantage of not requiring python-selinux.
I guess it's up to the maintainer to choose here.
>From 4bf22d8b52dcebc078281fd200680d95b08b926d Mon Sep 17 00:00:00 2001
From: Laurent Bigonville <bi...@debian.org>
Date: Sat, 7 Oct 2017 16:59:01 +0200
Subject: [PATCH] Add SELinux status in the bug reports
This is the first step to add LSM information in the bug reports
---
reportbug/bugreport.py | 3 +++
reportbug/utils.py | 20 ++++++++++++++++++++
2 files changed, 23 insertions(+)
diff --git a/reportbug/bugreport.py b/reportbug/bugreport.py
index ea835fa..e178a1a 100644
--- a/reportbug/bugreport.py
+++ b/reportbug/bugreport.py
@@ -82,6 +82,7 @@ class bugreport(object):
debinfo = ''
shellpath = utils.realpath('/bin/sh')
init = utils.get_init_system()
+ lsminfo = utils.get_lsm_info()
locinfo = []
langsetting = os.environ.get('LANG', 'C')
@@ -177,6 +178,8 @@ class bugreport(object):
debinfo += 'Shell: /bin/sh linked to %s\n' % shellpath
if init:
debinfo += 'Init: %s\n' % init
+ if lsminfo:
+ debinfo += 'LSM: %s\n' % lsminfo
# Don't include system info for certain packages
if self.sysinfo:
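Review bot: The added format string 'LSM: %s\n' terminates the line itself, but the value built in get_lsm_info() ends with line.split('=')[1], which still carries the newline read from /etc/selinux/config, so the report gets an empty line after the LSM entry whenever a policy name is found. Strip the value where it is built (for example line.split('=', 1)[1].strip()) so that this format string is the only place that ends the line.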
diff --git a/reportbug/utils.py b/reportbug/utils.py
index 8139668..cb4a3d7 100644
--- a/reportbug/utils.py
+++ b/reportbug/utils.py
@@ -1304,3 +1304,23 @@ def get_init_system():
init = 'sysvinit (via /sbin/init)'
return init
+
+def get_lsm_info():
+ """Determines the linux security module enabled on the current machine
+
+ Returns None if there is no LSM enabled on the machine or if the state
+ cannot be determined."""
+
+ lsminfo = None
+ if os.path.exists('/usr/sbin/selinuxenabled') and (subprocess.call(['/usr/sbin/selinuxenabled']) == 0):
+ lsminfo = 'SELinux: enabled - '
+ enforce_status = subprocess.check_output(['/usr/sbin/getenforce']).decode('ascii')
+ lsminfo += 'Mode: %s - ' % enforce_status[:-1]
+ with open('/etc/selinux/config', 'r') as f:
+ lines = f.readlines()
+ for line in lines:
+ if line.startswith('SELINUXTYPE='):
+ lsminfo += 'Policy name: %s' % line.split('=')[1]
+ break
+
+ return lsminfo
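Review bot: The docstring promises None when the state cannot be determined, but the body can raise instead. Only /usr/sbin/selinuxenabled is tested with os.path.exists, so a missing /usr/sbin/getenforce or a non-zero exit makes subprocess.check_output raise, and open('/etc/selinux/config', 'r') raises if the file is absent or unreadable. The caller in bugreport.py invokes utils.get_lsm_info() without a guard, so either failure would propagate into report generation. Wrap the getenforce call and the config read in try/except for OSError and subprocess.CalledProcessError and return what has been determined so far. Two smaller points in the same block: when no SELINUXTYPE= line is found the result ends in a dangling ' - ', and enforce_status[:-1] assumes exactly one trailing newline where .strip() would not.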
--
2.15.0.rc2