4.292. setroubleshoot

Bug Fixes

BZ#541634

Prior to this update, sealert exited with an exit status of 0, indicating success, even though it failed to start. With this update, sealert returns a correct, non-zero exit status when it fails to start.

BZ#624938

Prior to this update, the setroubleshootd man page described an option that was not supported by the setroubleshootd service. This update corrects the man page content by removing the unsupported option.

BZ#625468

Previously, the combination of the -a/--analyze option with another option (for example, sealert -a ./test-audit.log -b caused sealert to not work properly. This bug has been fixed and sealert alerts the user that the -a/--analyze option can not be used with another option.

BZ#627668

Prior to this update, marking an AVC message as ignored using the Ignore button in the SETroubleshoot GUI and, consequently, reproducing that same AVC message, would not ignore that message. With this update, the underlying source code has been modified to address this issue, and ignored AVC messages no longer appear in the SETroubleshoot GUI.

BZ#630788

When SELinux produced an alert, clicking on show to view the alert brought up the sealert browser but showed no alerts. An error message was also logged in /var/log/messages. This was because the /var/lib/setroubleshoot/setroubleshoot_database.xml database contained localized content which could not be parsed. With this update, the aforementioned database no longer contains localized content, and the sealert browser correctly shows all alerts.

BZ#636420

Prior to this update, the sealert -s or sealert -S commands failed with a segmentation fault when LANG was set to Japanese (LANG=ja-JP). With this update, the underlying source code has been modified to address this issue, and the sealert command no longer fails on localized file analyses.

BZ#674770

Disabling IPv6 could cause AVC messages flooding regarding different confined domains asking the kernel to load the net-pf-10 kernel module. The appropriate setroubleshoot plugin was updated to not display these messages when IPv6 is blacklisted. It is recommended that users disable IPv6 using the /etc/sysctl.conf file. In such a case, AVC messages do not appear at all.

BZ#675154

Installing the setroubleshoot* packages did not require the pygtk2-libglade, even though sealert and setroubleshoot require this package, which caused an "ImportError" exception when running the aforementioned applications. This update fixes the setroubleshoot spec file and adds the pygtk2-libglade dependency.

BZ#692915, BZ#721347

Previously, the setroubleshoot-server package installed the X related packages as a dependency. This update removes this dependency.

BZ#706910

Prior to this update, setroubleshoot used the report library to send problem reports to Bugzilla. To unify configuration for bug reporting, a new library (libreport) was created, which unifies problem reporting in all applications. With this update, setroubleshoot uses the new libreport library for problem reporting.

BZ#730920

This update replaces the setroubleshoot's dependency on report-gtk with libreport-gtk.

BZ#708437

Selecting and copying a string of text in the SEAlert GUI resulted in the full description being copied into the clipboard, rather than just the selected string. With this update, as expected, only the selected string is copied into the clipboard.

BZ#743583

Previously, an incorrect version of the setroubleshoot-plugins package was required by a the new setroubleshoot package which was released with this update.

BZ#717616

The setroubleshoot package has been upgraded to upstream version 3.0.38-2.1, which provides a number of bug fixes and enhancements over the previous version.

BZ#745777

The setroubleshoot-plugins package has been upgraded to upstream version 3.0.16-1, which provides a number of bug fixes and enhancements over the previous version.