| Commit message (Collapse) | Author | Age | Files | Lines |
Indent paragraphs in the UI text to improve readability.
Fix UI text templating
Make sure that the Fedora policy gets a chance to run by checking
for the absence of /etc/fedora-release in the RHEL policy and
fix the inheritance of FedoraPolicy.
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
The current boilerplate text in the policy class has inconsistent
formatting and does not make sense with some distribution names
(e.g. Red Hat Enterprise Linux).
Fix this by storing the string in paragraphs and formatting it
with textwrap and adding new tags to make the construction of the
message more flexible:
vendor
vendor_url
vendor_text
tmpdir
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
Add modules for Ubuntu cloud infrastructure
- Azure hypervisor support
- MAAS
- Juju
Line 243 attempts to access non-imported regex
This was a result from existing unittests.
- sos/plugins/azure: Microsoft Azure Agent
- sos/plugins/juju: Ubuntu JUJU
- sos/plugins/maas: Ubuntu MAAS
Signed-off-by: Adam Stokes <hackr@cypherbook.com>
Include new-line in shell_out
The TarFileArchive with SELinux does not pass the full test
archive_tests suite. Catch an uncaught exception when stat'ing a
non-existent path and do not allow empty paths in add_parent().
Commands run by sos inherit the environment of the user running the
program. This includes locale settings meaning that collected
output is subject to local language, sorting and formatting
customisations that can be undesirable when post-processing or
parsing of the gathered data is required.
Force all external processes to use the 'C' locale.
The TarFileArchive class currently doesn't allow recursive
directory addition using the add_file() interface - disable those
tests for now.
This is the start of the archive reworking to address Issue #86.
In this commit the Archive class hierarchy is separated from the
generic code in the utilities module and moved into its own
'archive' module. This is taken from the changes committed to
Jesse's directory_archive branch.
The next step is to decide how we will handle the problems
discovered with the in-line tarfile generation (and similar
problems affecting Zip files) and whether to revert to building
an in-filesystem tree (as Jesse's current branch does) or whether
to fix the problems with in-lining post-processing hooks.
The method names for collecting external output are ugly and
awkward to type. Rename them to be more consistent with the file
collection API and easier to remember and type.
This change touches virtually every plugin class but is a very
simple search/replace (plugin changes were done with sed).
Fixes Issue #92.
Make Ubuntu/Debian depend on python-selinux (Closed GH:#93)
Signed-off-by: Adam Stokes <hackr@cypherbook.com>
Colour output was removed from sos a long time ago. Kill off the
remaining opts variable, command line option and documentation
references for increased sanity.
Files in /proc/, /sys/ and other kernel file systems may have read
permissions but not implement a read() syscall. Catch the
exception that occurs when accessing these files.
Fixes Issue #87
Fix the relative paths used by the legacy HTML reporting methods
and passed by sosreport to the new Report class.
Fixes Issue #88
Since /lib/systemd contains binaries, don't collect the whole thing.
Grab /lib/systemd/system and /lib/systemd/user as these contain
unit files and symlinks but just take a directory listing for
/lib/systemd itself and the other subdirectories.
The pam module collects a list of files in /lib/modules which may
be empty on 64-bit systems. Collect both possible paths.
The logic to ensure we have a proper tar record for each directory
in the path of files collected with addCopySpec*() ends up
generating lots of duplicate calls to add_file(). Filter them out
by checking for the existence of the new destination in
tarfile.getnames().
This reduces peak resident memory consumption by 50-75% and cuts
run times by 50-66%.
Related to Issue #81
Add profiling calls around the regex substitution methods.
Shows that substitution costs are considerable compared to copy:
copied: /root/anaconda-ks.cfg time: 0.002293
copied: /var/log/anaconda/anaconda.log time: 0.002204
copied: /var/log/anaconda/syslog time: 0.002709
copied: /var/log/anaconda/anaconda.packaging.log time: 0.002658
copied: /var/log/anaconda/ks-script-YGuewK.log time: 0.002483
copied: /var/log/anaconda/anaconda.program.log time: 0.002416
copied: /var/log/anaconda/anaconda.storage.log time: 0.002263
copied: /var/log/anaconda/anaconda.xlog time: 0.002299
copied: /var/log/anaconda/anaconda.ifcfg.log time: 0.002461
copied: /var/log/anaconda/ks-script-kdAaa4.log time: 0.002558
subst : /root/anaconda-ks.cfg time: 0.021056
I.e. substituting one file is on average eight times more costly
than simple collection.
Distributions that have moved to reduced capabilities and replaced
suid and sgid binaries with fscaps have tightened the permissions
on several standard system paths. For example:
dr-xr-xr-x. 18 root root 4096 Nov 23 19:04 /
-rw-r--r--. 1 root root 1174 Dec 11 18:05 /etc/passwd
----------. 1 root root 742 Dec 11 18:05 /etc/shadow
dr-xr-x---. 8 root root 4096 Dec 12 19:06 /root
Processes that need to write to these paths on the host system
must possess cap_dac_override in order to work but in the archive
this creates problems when unpacking the archive without this
capability.
For files this is not a problem since the user only requires write
permissions to the containing directory to remove the file. For
directories it causes real problems for unprivileged users working
with sosreport archives.
This includes problems unpacking the archive (since directories
are created without write permissions causing subsequent file
creation beneath that path to fail) as well as problems cleaning
up archives as a typical 'rm -rf' fails to remove these paths.
These problems make it impossible to create archives that are both
faithful to the host system and easy to work with for typical
analysis users. Ultimately this may necessitate dropping permission
preservation in the archive and instead storing these (and other
information like ACLs and SELinux context) in files within the
archive.
Works around Issue #85
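
The directory-permission problem described in the message above, reproduced on an in-memory tar as an added example (not code from the sos project). The message does not say what the workaround is, so the `owner_writable` filter is one assumed approach, and the member names and contents are constructed.

```python
import io
import stat
import tarfile

# Constructed members mirroring the listing above: (name, mode, data);
# data of None marks a directory.
MEMBERS = [
    ("report", 0o555, None),
    ("report/root", 0o550, None),
    ("report/etc", 0o755, None),
    ("report/etc/shadow", 0o000, b"constructed\n"),
]


def owner_writable(info):
    """Give the owner rwx on directory members; leave files untouched."""
    if info.isdir():
        info.mode |= stat.S_IRWXU
    return info


def build_archive(members, fix_dirs):
    """Write members into an in-memory tar and return its bytes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, mode, data in members:
            info = tarfile.TarInfo(name)
            info.mode = mode
            if data is None:
                info.type = tarfile.DIRTYPE
            else:
                info.size = len(data)
            if fix_dirs:
                info = owner_writable(info)
            tar.addfile(info, io.BytesIO(data) if data is not None else None)
    return buf.getvalue()


def stored_modes(archive):
    """Map member name -> ls-style mode string as recorded in the archive."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return {m.name: stat.filemode(
                    m.mode | (stat.S_IFDIR if m.isdir() else stat.S_IFREG))
                for m in tar}


if __name__ == "__main__":
    for fix in (False, True):
        print(fix, stored_modes(build_archive(MEMBERS, fix)))
```

With the filter applied an unprivileged user can create files beneath the unpacked directories and remove them again, at the cost of the archive no longer recording the host's real directory modes.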
Currently we don't log anything when applying file or command
output regex substitutions and any errors are silently discarded.
This could cause a user to think that passwords etc. have been
obscured when in fact they have not.
Log our intent to substitute at debug level and log any exception
at error level along with the path or glob, module and exception
text.
Fixes Issue #84
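
The logging behaviour described in the message above, sketched as an added example (not the sos implementation). The `scrub` helper, the logger name and the kickstart-style sample text are assumptions made for illustration.

```python
import logging
import re

log = logging.getLogger("scrub_example")  # hypothetical logger name


def scrub(text, pattern, repl, path, plugin):
    """Return (text, count, ok); ok is False when nothing was scrubbed."""
    log.debug("substituting '%s' for '%s' in '%s'", repl, pattern, path)
    try:
        new_text, count = re.subn(pattern, repl, text)
    except Exception as exc:  # bad pattern, bad group reference, type mismatch
        log.error("regex substitution failed for '%s' in plugin '%s': %s",
                  path, plugin, exc)
        return text, 0, False
    return new_text, count, True


class ListHandler(logging.Handler):
    """Collects (level, message) pairs in memory for inspection."""
    def __init__(self):
        super().__init__(level=logging.DEBUG)
        self.records = []

    def emit(self, record):
        self.records.append((record.levelname, record.getMessage()))


# Constructed sample input in the style of a kickstart file.
SAMPLE = "lang en_US.UTF-8\nrootpw --iscrypted $6$constructed$hash\nreboot\n"
PATH = "/root/anaconda-ks.cfg"


def demo():
    """Run one working and one broken substitution; return results and log."""
    handler = ListHandler()
    log.addHandler(handler)
    log.setLevel(logging.DEBUG)
    log.propagate = False
    good = scrub(SAMPLE, r"(?m)^(rootpw\s+).*$", r"\1********", PATH, "anaconda")
    # Unbalanced parenthesis: re.subn raises and the secret stays in the text.
    bad = scrub(SAMPLE, r"(?m)^(rootpw\s+.*$", r"\1********", PATH, "anaconda")
    log.removeHandler(handler)
    return good, bad, handler.records


if __name__ == "__main__":
    print(demo())
```

Returning the `ok` flag alongside the error record lets a caller withhold or flag a file whose secrets could not be obscured, rather than shipping it as if it had been scrubbed.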
Re-organise the sunrpc module so that the service check is in the
base (Plugin-derived) class but uses a service string defined only
in the subclasses. This allows the same checkenabled() to be used
for any policy that implements the needed runlevelByService() API.
This can serve as a prototype for a generic enabled-by-service
facility (mimicking existing files and packages checks) although
it currently needs considerable work to review and revise the
service and runlevel interfaces in the policy modules.
Related to Issue #77
The previous commit introduced a paths list for the module to
collect but did not use it: fix the addCopySpecs call.
Update the anaconda module to support new log locations in recent
versions.
Commit 179d9bb introduced a regression in the TarFileArchive
class:
(Pdb) bt
/usr/sbin/sosreport(23)<module>()
-> main(sys.argv[1:])
/usr/lib/python2.7/site-packages/sos/sosreport.py(908)main()
-> sos.execute()
/usr/lib/python2.7/site-packages/sos/sosreport.py(901)execute()
-> return self.final_work()
/usr/lib/python2.7/site-packages/sos/sosreport.py(773)final_work()
-> self._finish_logging()
/usr/lib/python2.7/site-packages/sos/sosreport.py(376)_finish_logging()
-> self.archive.add_file(self.sos_log_file.name,
dest=os.path.join('sos_logs', 'sos.log'))
/usr/lib/python2.7/site-packages/sos/utilities.py(280)add_file()
-> self.tarfile.addfile(tar_info, fileobj)
/usr/lib64/python2.7/tarfile.py(2015)addfile()
-> buf = tarinfo.tobuf(self.format, self.encoding, self.errors)
/usr/lib64/python2.7/tarfile.py(996)tobuf()
-> return self.create_gnu_header(info)
/usr/lib64/python2.7/tarfile.py(1027)create_gnu_header()
-> return buf + self._create_header(info, GNU_FORMAT)
/usr/lib64/python2.7/tarfile.py(1112)_create_header()
-> itn(info.get("mtime", 0), 12, format),
> /usr/lib64/python2.7/tarfile.py(212)itn()
-> raise ValueError("overflow in number field")
The tarinfo mtime field is a float but the pax headers take a
string-encoded value. The tarinfo field was inadvertently converted to
a formatted string.
The problem is hard to track down because it's not always triggered;
the bug depends on the value of the string-encoded mtime date.
Collect a list of files and directories under /var/lib using ls -lR
and tree (if available).
Collect output of ibstat, ibstatus, ibhosts and the opensm and
openib configuration files.
Collect the ACPI tables present on the host system
Add a module to collect SysV IPC related information. Collect the
files in /proc/sysvipc/* as well as the traditional ipcs -a output.
Add additional iscsiadm command collection to the iscsi module
and check for the iscsi-initiator-utils package on Red Hat systems.
The analyze() methods haven't been used since commit 6ea48cb and
their functionality has now been moved or removed in all modules.
Delete the last bits of wiring and docs references.
Complete the removal of the diagnose functionality by removing the
methods in the Plugin class and sosreport module, command line
options and documentation.
The yum module's analyze method is pretty useless. It just checks
for extra /etc/yum.repos.d files on RHEL systems. Delete it.
The analyze methods are no longer used and the kernel module's
regex-table based taint checking is kinda klunky and a maintenance
problem.
Delete this code but collect the initstate, refcnt and taint files
from /sys/modules/*.
The analyze machinery hasn't been hooked up since commit 6ea48cb.
The use of these methods has also not been especially clear: some
modules trigger additional file/command collection here while
others only add alerts (the original purpose of analyze()). Other
modules call the addAlert() interface from their setup() method.
Move the SELinux module's analyze functionality into the main
setup() method but make it conditional on setroubleshoot being
installed as it's necessary for the current implementation.
Delete the diagnose() methods from all modules still using it.
The diagnostics feature never worked well and is better implemented
to run after-the-fact on the data collected in the tarball.
Storing a (correct) SELinux context for files in procfs and sysfs
leads to tonnes of ugly spew when the tarball is unpacked as these
contexts are not permitted on "normal" file systems:
tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm: Cannot setfilecon: Permission denied
tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm/percpu_pagelist_fraction: Cannot setfilecon: Permission denied
tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm: Cannot setfilecon: Permission denied
tar: sosreport-rhel7-vm1-20121210145629/proc/sys/vm/scan_unevictable_pages: Cannot setfilecon: Permission denied
Etc.
Check for these path prefixes in TarFileArchive.add_file() and skip
generating a pax header for them.
This isn't a perfect fix; it may be better to move this up to a
higher layer (i.e. within the Plugin class's file handling routines)
and also to filter by context rather than path (since SELinux
contexts are a property of an inode not a path and a user could
mount these file systems at other locations).
This partially fixes Issue #79 but I'll keep it open for the time
being to track these improvements.