From 3fd1db913f35eccb35fd63c98f2b381ad270cccd Mon Sep 17 00:00:00 2001 From: Jake Hunsaker Date: Thu, 18 Jun 2020 11:28:52 -0400 Subject: [report] Drop non-root framework by adding root_required check Adds a check on a per-component basis for if that component requires root permissions to run. By default, SoSComponent sets this value to `False`, so set it explicitly to `True` for `SoSReport`. Closes: #1989 Resolves: #2126 Signed-off-by: Jake Hunsaker --- sos/__init__.py | 7 +++++-- sos/component.py | 1 + sos/report/__init__.py | 7 +------ sos/report/plugins/__init__.py | 4 ---- sos/report/plugins/gnocchi.py | 2 -- sos/report/plugins/openstack_aodh.py | 3 --- 6 files changed, 7 insertions(+), 17 deletions(-) diff --git a/sos/__init__.py b/sos/__init__.py index e11dd103..a5c69ca0 100644 --- a/sos/__init__.py +++ b/sos/__init__.py @@ -16,6 +16,7 @@ gettext to internationalize messages. """ __version__ = "3.9" +import os import sys from argparse import ArgumentParser @@ -168,8 +169,10 @@ class SoS(): if _com not in self._components.keys(): print("Unknown subcommand '%s' specified" % _com) try: - self._component = self._components[_com][0](self.parser, self.args, - self.cmdline) + _to_load = self._components[_com][0] + if _to_load.root_required and not os.getuid() == 0: + raise Exception("Component must be run with root privileges") + self._component = _to_load(self.parser, self.args, self.cmdline) except Exception as err: print("Could not initialize '%s': %s" % (_com, err)) if self.args.debug: diff --git a/sos/component.py b/sos/component.py index f26b1837..0b0b7914 100644 --- a/sos/component.py +++ b/sos/component.py @@ -48,6 +48,7 @@ class SoSComponent(): arg_defaults = {} configure_logging = True load_policy = True + root_required = False _arg_defaults = { "batch": False, diff --git a/sos/report/__init__.py b/sos/report/__init__.py index 2c62bf61..16f7f2aa 100644 --- a/sos/report/__init__.py +++ b/sos/report/__init__.py @@ -72,6 +72,7 @@ class SoSReport(SoSComponent): """ desc = "Collect files and command output in an archive" + root_required = True arg_defaults = { 'alloptions': False, @@ -494,12 +495,6 @@ class SoSReport(SoSComponent): self._skip(plugin_class, _("does not validate")) continue - if plugin_class.requires_root and not self._is_root: - self.soslog.info(_("plugin %s requires root permissions" - "to execute, skipping") % plug) - self._skip(plugin_class, _("requires root")) - continue - # plug-in is valid, let's decide whether run it or not self.plugin_names.append(plugbase) diff --git a/sos/report/plugins/__init__.py b/sos/report/plugins/__init__.py index 20857ecd..b8db7a63 100644 --- a/sos/report/plugins/__init__.py +++ b/sos/report/plugins/__init__.py @@ -379,9 +379,6 @@ class Plugin(object): this if you are defining multiple plugins that do the same thing on different platforms. - requires_root is a boolean that specifies whether or not sosreport should - execute this plugin as a super user. - version is a string representing the version of the plugin. This can be useful for post-collection tooling. @@ -396,7 +393,6 @@ class Plugin(object): """ plugin_name = None - requires_root = True version = 'unversioned' packages = () files = () diff --git a/sos/report/plugins/gnocchi.py b/sos/report/plugins/gnocchi.py index d2658066..9a3e4c9c 100644 --- a/sos/report/plugins/gnocchi.py +++ b/sos/report/plugins/gnocchi.py @@ -20,8 +20,6 @@ class Gnocchi(Plugin): profiles = ('openstack', 'openstack_controller') - requires_root = False - def setup(self): self.add_copy_spec([ "/etc/gnocchi/*", diff --git a/sos/report/plugins/openstack_aodh.py b/sos/report/plugins/openstack_aodh.py index f197c839..86d24ee2 100644 --- a/sos/report/plugins/openstack_aodh.py +++ b/sos/report/plugins/openstack_aodh.py @@ -20,9 +20,6 @@ class OpenStackAodh(Plugin, RedHatPlugin): profiles = ('openstack', 'openstack_controller') packages = ('openstack-selinux',) - - requires_root = False - var_puppet_gen = "/var/lib/config-data/puppet-generated/aodh" def setup(self): -- cgit