New optional data collection for SELinux plug-in

The SELinux plug-in can now optionally collect object lists from
the semanage command. Since this command loads the SELinux python
run time (~4s/command) it can add considerably to the overall run
time of sosreport - for this reason these commands are disabled by
default and may be enabled via the selinux.list option:

 # sosreport -k selinux.list

With the option turned on we also collect:

  semanage fcontext -l
  semanage login -l
  semanage port -l
  semanage user -l

Signed-off-by: Bryn M. Reeves <bmr@redhat.com>

1 files changed, 10 insertions, 3 deletions

diff --git a/sos/plugins/selinux.py b/sos/plugins/selinux.py
index 699e5ff6..b7deae5a 100644
--- a/sos/plugins/selinux.py
+++ b/sos/plugins/selinux.py
@@ -20,16 +20,23 @@ class SELinux(Plugin, RedHatPlugin):
 
     plugin_name = 'selinux'
 
-    option_list = [("fixfiles", 'Print incorrect file context labels', 'slow', False)]
+    option_list = [("fixfiles", 'Print incorrect file context labels', 'slow', False),
+                   ("list", 'List objects and their context', 'slow', False)]
     packages = ('libselinux',)
 
     def setup(self):
         # sestatus is always collected in check_enabled()
         self.add_copy_spec("/etc/selinux")
-        if self.get_option('fixfiles'):
-            self.add_cmd_output("fixfiles -v check")
         self.add_cmd_output("sestatus -b")
+        self.add_cmd_output("semodule -l")
         self.add_cmd_output("selinuxdefcon root")
         self.add_cmd_output("selinuxconlist root")
         self.add_cmd_output("selinuxexeccon /bin/passwd")
+        if self.get_option('fixfiles'):
+            self.add_cmd_output("fixfiles -v check")
+        if self.get_option('list'):
+            self.add_cmd_output("semanage fcontext -l")
+            self.add_cmd_output("semanage user -l")
+            self.add_cmd_output("semanage login -l")
+            self.add_cmd_output("semanage port -l")