[Reportbug-commits] [reportbug] 18/38: Add SELinux status in the bug reports

Sandro Tosi morph at moszumanska.debian.org
Fri Dec 29 04:33:44 UTC 2017 

This is an automated email from the git hooks/post-receive script.

morph pushed a commit to branch master
in repository reportbug.

commit 947659bc335eb72ba3e8e1d6a55e88db9ec4ee79
Author: Laurent Bigonville <bigon at debian.org>
Date:   Sat Oct 7 16:59:01 2017 +0200

    Add SELinux status in the bug reports
    
    This is the first step to add LSM information in the bug reports
---
 reportbug/bugreport.py |  3 +++
 reportbug/utils.py     | 20 ++++++++++++++++++++
 2 files changed, 23 insertions(+)

diff --git a/reportbug/bugreport.py b/reportbug/bugreport.py
index ea835fa..e178a1a 100644
--- a/reportbug/bugreport.py
+++ b/reportbug/bugreport.py
@@ -82,6 +82,7 @@ class bugreport(object):
         debinfo = ''
         shellpath = utils.realpath('/bin/sh')
         init = utils.get_init_system()
+        lsminfo = utils.get_lsm_info()
 
         locinfo = []
         langsetting = os.environ.get('LANG', 'C')
@@ -177,6 +178,8 @@ class bugreport(object):
             debinfo += 'Shell: /bin/sh linked to %s\n' % shellpath
         if init:
             debinfo += 'Init: %s\n' % init
+        if lsminfo:
+            debinfo += 'LSM: %s\n' % lsminfo
 
         # Don't include system info for certain packages
         if self.sysinfo:
diff --git a/reportbug/utils.py b/reportbug/utils.py
index 5e5ec4b..532868a 100644
--- a/reportbug/utils.py
+++ b/reportbug/utils.py
@@ -1304,3 +1304,23 @@ def get_init_system():
         init = 'sysvinit (via /sbin/init)'
 
     return init
+
+def get_lsm_info():
+    """Determines the linux security module enabled on the current machine
+
+    Returns None if there is no LSM enabled on the machine or if the state
+    cannot be determined."""
+
+    lsminfo = None
+    if os.path.exists('/usr/sbin/selinuxenabled') and (subprocess.call(['/usr/sbin/selinuxenabled']) == 0):
+        lsminfo = 'SELinux: enabled - '
+        enforce_status = subprocess.check_output(['/usr/sbin/getenforce']).decode('ascii')
+        lsminfo += 'Mode: %s - ' % enforce_status[:-1]
+        with open('/etc/selinux/config', 'r') as f:
+            lines = f.readlines()
+            for line in lines:
+                if line.startswith('SELINUXTYPE='):
+                    lsminfo += 'Policy name: %s' % line.split('=')[1][:-1]
+                    break
+
+    return lsminfo

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reportbug/reportbug.git

More information about the Reportbug-commits mailing list