ctc-oss / fapolicy-analyzer

Tools to assist with the configuration and management of fapolicyd.
https://ctc-oss.github.io/fapolicy-analyzer
GNU General Public License v3.0

Show trust discrepancies by default #763

Open egbicker opened 1 year ago

egbicker commented 1 year ago

Show trust discrepancies by default in the STDB or a message if store is empty

Closes #520

jw3 commented 1 year ago

@egbicker bunch of conflicts after merging #750

egbicker commented 1 year ago

@jw3 Is there a way to request only untrusted files from the backend?

jw3 commented 1 year ago

> Is there a way to request only untrusted files from the backend?

There is not, right now. Is filtering the system trust slow, or do you have some other use case?

egbicker commented 1 year ago

I'm having issues filtering the system trust in the GUI layer while getting a performance increase. It looks like I'm going to have to chop up the system.get("system_trust") object before trying to load anything or else we still go through every entry.

dorschs57 commented 1 year ago

> I'm having issues filtering the system trust in the GUI layer while getting a performance increase. It looks like I'm going to have to chop up the system.get("system_trust") object before trying to load anything or else we still go through every entry.

Did you try doing some filtering before a trust entry is put on the queue in the process_trust method in TrustFileList? That's running on a separate thread so the performance hit from the UI standpoint shouldn't be too bad.

egbicker commented 1 year ago

Thanks @dorschs57 I was working in the wrong spot. That does go quicker, now just have to adjust the loading logic to recognize the different number of items

jw3 commented 1 year ago

@egbicker This does not seem to be functioning for me, can you take a look and confirm it is still gtg

egbicker commented 1 year ago

@jw3 What isn't working for you? It seems to be working on my end

egbicker commented 1 year ago

image

jw3 commented 1 year ago

Ok, perhaps I was just confused by these things lining up

  1. Having a db with no discrepancies
  2. The file count showing zero
  3. Some delay on mouseover of the toggle button (it never showed to be clickable)

egbicker commented 1 year ago

I just saw the same issue with the toggle button not becoming sensitive. I can just have it be sensitive all the time, even on the ATDB page to avoid what must be some sort of lock up since I'm only seeing it stay insensitive sometimes.

jw3 commented 1 year ago

Yeah the sensitivity of the toggle button probably needs adjusted, and needs to consider the state of the trust load.

For example, when I click toggle the first time it starts loading the trust entries into the table, and then when I click it again it doesn't seem to do anything, then if I click again it resets the trust load back to 0%.

Maybe, once you opt-in to trust loading, the toggle button remains disabled until it is completed?

jw3 commented 1 year ago

Python test failing

fapolicy_analyzer/tests/test_main_window.py ..
(pytest:8736): Gtk-CRITICAL **: 13:41:33.321: gtk_main_quit: assertion 'main_loops != NULL' failed
..............s..........................
fapolicy_analyzer/tests/test_notification.py ..............
fapolicy_analyzer/tests/test_object_list.py .........
fapolicy_analyzer/tests/test_policy_rules_admin_page.py ................Fatal Python error: Segmentation fault

Thread 0x00007f0ea2fc6700 (most recent call first):
  File "/home/runner/work/fapolicy-analyzer/fapolicy-analyzer/fapolicy_analyzer/ui/main_window.py", line 244 in on_next_system
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/operators/map.py", line 41 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/subject/behaviorsubject.py", line 52 in _on_next_core
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/observer.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/subject/subject.py", line 55 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/operators/map.py", line 41 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/internal/concurrency.py", line 16 in inner
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py", line 26 in on_next
  File "/home/runner/.local/share/virtualenvs/fapolicy-analyzer-Od7Imf31/lib/python3.9/site-packages/rx/core/observer/autodetachobserver.py"Segmentation fault (core dumped)
Error: Process completed with exit code 139.

egbicker commented 1 year ago

@jw3 It seems like the text display on the ATDB screen is causing some non-reproducible issues. My local tests aren't showing this issue and sometimes one or both of the 3.6/3.9 tests pass with no real changes.

Update: I'm not seeing any issues running it locally without the test suite either.

jw3 commented 1 year ago

This is bumping back to 1.1. I want more time than we have to see it in action in master.

jw3 commented 1 year ago

@egbicker resolve the conflicts here when you have time and I'll review this again.

egbicker commented 1 year ago

@jw3 Merges are done, tests worked locally. Looks like something happened to the Ubuntu 20.04 repo between when you commented and now.

egbicker commented 1 year ago

@dorschs57 I don't know why the toggle button isn't working, I'm seeing it respond as expected on FC34 and FC38. I did just toss up a fix for the loading jumping from low % to done.

dorschs57 commented 1 year ago

> @dorschs57 I don't know why the toggle button isn't working, I'm seeing it respond as expected on FC34 and FC38. I did just toss up a fix for the loading jumping from low % to done.

Your update made it a little better for me. However, it still only gets to about 50% and then jumps to completed for me.

I'm still seeing the issue too where the Toggle Display Trust Entries button does not enable after loading. This only happens when I first start up the application. Here's my steps:

  1. Update my config file at ~/.config/fapolicy-analyzer/config.toml to include
    [ui]
    initial_view = 'trust'
  2. Start application
  3. Toggle the System Trust Database tab
  4. Wait for system trust to load complete
  5. Observe the toggle button is disabled

If I then navigate to another view like Rules and back to the Trust view the button will enable properly after loading is complete.

jw3 commented 1 year ago

I'll give this a run next week and see what I see.

dorschs57 commented 1 year ago

Still seeing some issues here:

  1. percentage still jumps from 55% to done when the trusted files are being filtered out.
  2. toggling to show all files works, but then the button is disabled and I can't toggle back to just the untrusted files.
  3. when I navigate to a different page my view becomes split with the trust view still showing on the top half and the page I navigated to showing in the bottom half.

egbicker commented 1 year ago

Something about adding Events to database_admin_page broke the dispose condition so I fixed that, but I'm no longer seeing either of your first 2 issues on fc34 or 38

jw3 commented 1 year ago

Toggle button state looks good.

Don't see the multi-view issue.

I do see the trust jump.

Peek 2023-06-15 00-27

That seems like a symptom of not reducing the total number of entries that need added to the view.

egbicker commented 1 year ago

Screencast from 2023-06-26 16-14-38.webm

@jw3 Here's what my fc38 rpm loading looks like on a VM with ~8gb of RAM. I wonder if the skip you're seeing is the thread that's doing the file loading going faster than the thread responsible for redrawing the UI? Lines 229-232 in trust_file_list are removing the trusted files not displayed from the total used in calculating the percentage.

Does the loading of the full trust file database have a skip in the middle as well?
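
The worker-thread filtering and the progress jump discussed in this thread, as an added example that is not code from fapolicy-analyzer: entries are filtered before they are queued for the UI, and the percentage is computed from source entries scanned instead of rows displayed. The `Trust` tuple, the status codes ("T", "D", "U"), the sample paths and the names `load_trust` and `run` are assumptions made for illustration.

```python
import queue
import threading
from collections import namedtuple

# Constructed stand-in for a trust entry. The status codes are assumed:
# "T" trusted, "D" discrepancy, "U" unknown.
Trust = namedtuple("Trust", "path status")

# Constructed sample store: two of six entries are not trusted.
SAMPLE = [Trust("/usr/bin/" + n, s) for n, s in zip("abcdef", "TTDTUT")]


def load_trust(entries, out, show_trusted=False, step=2):
    """Worker thread: drop trusted entries before they reach the UI queue."""
    total = len(entries)
    pending = []
    for scanned, entry in enumerate(entries, 1):
        if show_trusted or entry.status != "T":
            pending.append(entry)
        # Report every `step` source entries, even when nothing survived the
        # filter, so progress tracks work done rather than rows displayed.
        if scanned % step == 0 or scanned == total:
            out.put((pending, scanned, total))
            pending = []
    out.put(None)  # sentinel: load finished (the only message for an empty store)


def run(entries, show_trusted=False):
    """UI side: drain the queue, returning rows plus both progress series."""
    out = queue.Queue()
    worker = threading.Thread(target=load_trust, args=(entries, out, show_trusted))
    worker.start()
    rows, progress, naive = [], [], []
    while (msg := out.get()) is not None:
        batch, scanned, total = msg
        rows.extend(batch)
        progress.append(100 * scanned // total)  # scanned / source total
        naive.append(100 * len(rows) // total)   # displayed rows / unfiltered total
    worker.join()
    return rows, progress, naive


if __name__ == "__main__":
    rows, progress, naive = run(SAMPLE)
    print([t.path for t in rows], progress, naive)
```

The `naive` series stalls at 33% on the sample before the load completes, which is the jump reported above when the denominator still counts filtered-out entries.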