([Qh>ddlZddlZddlmZddlmZddlmZddl m Z ddl m Z ddl mZddlmZdd lmZdd lmZmZmZmZd Zd Zd ZGddeZGddeZy)N)_sos)Policy) InitSystem) SystemdInit)CrioContainerRuntime)PodmanContainerRuntime)DockerContainerRuntime)LxdContainerRuntime) shell_out is_executableboldsos_get_command_outputz/etc/os-release containerHOSTc&eZdZdZdZdZdZdZdZdZ dZ dZ dZ dZ dZdZdZdZd ZdZdZ d!fd Zed Zed"d Zd ZdZdZdZdZdZedZedZ edZ!dZ"dZ#dZ$dZ%dZ&dZ'dZ(dZ)d#dZ*dZ+d Z,xZ-S)$ LinuxPolicyzfThis policy is meant to be an abc class that provides common implementations used in Linux distrosNonez/bin:/sbin:/usr/bin:/usr/sbinNdockerFz/usr/binzsos-collector-tmpct|||||r||_n|jxsd|_|j |||_nJt jjdrt|j|_nt|_i|_ |jr$t|t|t|t!|g}|D]}|j#s||j|j$<|j$|j&k(r&|j|j$|jd<|j|j$j)|jrRd|jvrCt+|jj-}|j|d|jd<yyyy)N)sysroot probe_runtime remote_exec/z/run/systemd/system/)chroot)policydefaultr)super__init__r_container_initinit_kernel_modules init_systemospathisdirrrruntimesrrr rr check_is_activenamedefault_container_runtimeload_container_infolistkeys) selfrinitrr_crunruntimeidx __class__s ?/usr/lib/python3/dist-packages/sos/policies/distros/__init__.pyrzLinuxPolicy.__init__;s '4%0  2 "DL//18SDL   "  #D  WW]]1 2*$,,?D )|D    &d3&d3$D1#40 E ! F**,29DMM',,/||t'E'EE37==3N i0MM',,/CCE  F}}$--!?4==--/0+/==Q+@ i( "@} c ddgS)Nz /etc/passwdz /etc/shadow)clss r3set_forbidden_pathszLinuxPolicy.set_forbidden_pathsds    r4cfd}|r||Stjjjrqtjj jtjj tjj jk(ryt tdd5}||jcdddS#1swYyxYw)| This function is responsible for determining if the underlying system is supported by this policy. cjg}jr|jj|jD]@}|j ds|j ddddj d}||vs@yy)N)zNAME=zID==rz"'TF)os_release_name os_release_idappend splitlines startswithsplitstrip)content_matchesline_distror7s r3_check_releasez)LinuxPolicy.check.._check_releaseqs++,H   1 12**, $??#34"jjoab1!4::5AG(*#  $ r4Trutf-8encodingN) r#r$isfileos_release_filebasenamerealpathopen OS_RELEASEread)r7remoterIfs` r3checkzLinuxPolicy.checkks  !&) ) GGNN3.. / GG  S00 177##BGG$4$4S5H5H$IJ K *cG 4 ,!!&&(+ , , ,s =CC&c|jSN)releaser-s r3kernel_versionzLinuxPolicy.kernel_version ||r4c|jSrY)hostnamer[s r3 host_namezLinuxPolicy.host_names }}r4c|jSrY)smpr[s r3 is_kernel_smpzLinuxPolicy.is_kernel_smps xxr4c|jSrY)machiner[s r3get_archzLinuxPolicy.get_archr]r4c"|jS)z)Returns the name usd in the pre_work step)r`r[s r3get_local_namezLinuxPolicy.get_local_names~~r4c0tjdd|S)Nz[^-a-z,A-Z.0-9]r)resub)r-r(s r3sanitize_filenamezLinuxPolicy.sanitize_filenamesvv("d33r4c|tk(r|j|y|j|jd|j |y)Nz Distribution Policy)rdisplay_self_help set_titler>display_distro_helpr7sections r3 display_helpzLinuxPolicy.display_helpsC +   ! !' *   !4!4 55IJ K  # #G ,r4cH|jd|jdy)NzSoS Distribution PolicieszDistributions supported by SoS will each have a specific policy defined for them, to ensure proper operation of SoS on those systems.)roadd_textrqs r3rnzLinuxPolicy.display_self_helps$56  r4c `|jr8|jtjur|j|jn|jd|ddd}|jd|j|jd|jd|jd|j d|j d}|jD]$}|jdd |d d |d d d&|j d}|jtdd dddddd d|jjD]W\}}dj|jj}|jdd |d|jd|d dYy)Nz; Detailed help information for this policy is not availableFzDefault --upload location: zDefault container runtime: )newlinez $PATH used when running report: zReference URLs z>8rz<30r=z<40z#Presets Available With This Policy z Preset Namez<20 Descriptionz<45zEnabled Options)__doc__rru _upload_urlr)PATH add_section vendor_urlsr presetsitemsjoinoptsto_argsdesc) r7rr_polrefsecurlpresecpresetvalue_optss r3rpzLinuxPolicy.display_distro_helps ;;3;;k.A.AA   S[[ )   N  4u%)$*:*:); <  )$*H*H)I J   .tyyk :  $$%56?? PC OOs2hs1vcl3q6#,?O O P$$%KL r(=-mC-@$S)+   "\\//1 MFEHHUZZ//12E OOr(6#,uzz#&6uSkB   r4cttjvrtjtdvrd|_ttjvrutjtsytj j tjt|jz|_tjtSy)zCheck if sos is running in a container and perform container specific initialisation based on ENV_HOST_SYSROOT. )rocipodmanTN) ENV_CONTAINERr#environ _in_containerENV_HOST_SYSROOTr$abspath_tmp_dirr[s r3r zLinuxPolicy._container_inits BJJ &zz-(,GG%)"#rzz1::&67#$&GGOO #34t}}D%DM::&677r4cg|_tjj}t dd|j j }|jj|ddDcgc]#}|jdj%c}|jd|d} t|dd 5}|D]C}|jd d jd d}|jj|E dddddd}d|d|df} | D]6} |j| } tj j#| s4| } n|jjdyg} t| dd 5} | D]*}d|vs| j|jdd, ddd|j%D]%\} }|| vs |jj| 'ycc}w#1swYxYw#t$r)}|jjd|Yd}~(d}~wwxYw#1swYxYw#t$r(}|jjd|Yd}~d}~wwxYw)zxObtain a list of loaded kernel modules to reference later for plugin enablement and SoSPredicate checks lsmodr)timeoutrr=Nz/usr/lib/modules/z/modules.builtinrJrKrLrz.koz Unable to read kernel builtins: CONFIG_NET_DEVLINKCONFIG_BLK_DEV_DM)devlinkdm_modz /boot/config-z /lib/modules/z/configz#Unable to find booted kernel configz=yz%Unable to read booted kernel config: ) kernel_modsr#unamerZr rrAextendrCrD join_sysrootrRr@IOErrorsoslogwarningr$existsr)r-rZlinesrGbuiltinsmfilekmoderrconfig_stringskconfigskconfig booted_configkfilebuiltinrs r3r!zLinuxPolicy.init_kernel_moduless((*$$'1T\\BMMO 05ab ! (,DJJLO ! ! #!  $$y(8 9  Jhg6 2%!2D::c?2.44U;A>D$$++D12 2,)  G9 %G9G ,   G''0Gww~~g& '    KK   E F  OmS7; =u!=Dt|  4(8(;<= =-224 1NGU   ''0 1]!  2 2 J KK  "B3% H I I J4 = = O KK  "Gu M N N Osm((G7-H;A G<H7I  H=%H=6I <HH H:H55H:=II I:I55I:c|jrH|jdk7r9tjj|j|j d}|S)Nr)rr#r$rlstrip)r-r$s r3rzLinuxPolicy.join_sysroot#s: <?D r4c|jd}|jr|j|j||_y)N cmdlineopts)commons low_priority_configure_low_priorityprompt_for_case_idcase_idr- cmdline_optss r3pre_workzLinuxPolicy.pre_work(s;||M2  $ $  ( ( *..|< r4c|js1|js%|jstt d|_|jr |jnd|_|jS)NzNOptionally, please enter the case id that you are generating this report for: r)batchquietrinput_rs r3rzLinuxPolicy.prompt_for_case_id3sc!!""''',56( $  $++&( ||r4ctj}tdr_td|d}|ddk(r|jj dnFd|d d |dd }|jj |n|jjd  tjd |jj dy#t$r(}|jj d|Yd}~yd}~wwxYw)ayUsed to constrain sos to a 'low priority' execution, potentially letting individual policies set their own definition of what that is. By default, this will attempt to assign sos to an idle io class via ionice if available. We will also renice our own pid to 19 in order to not cause competition with other host processes for CPU time. ionicezionice -c3 -p )rstatusrzSet IO class to idlez Error setting IO class to idle: outputz (exit code )zNWarning: unable to constrain report to idle IO class: ionice is not available.zSet niceness of report to 19z%Error setting report niceness to 19: N) r#getpidr rrinfoerrorui_logrnice Exception)r-_pidretmsgrs r3rz#LinuxPolicy._configure_low_priority@syy{  "( 'C8}!   !789#h-I%%(]O16 !!#& KK  +   M GGBK KK  ; < M KK   EcUK L L Ms0C C=C88C=cy)zIf sos report commands need to always be prefixed with something, for example running in a specific container image, then it should be defined here. If no prefix should be set, return an empty string instead of None. rr6r[s r3set_sos_prefixzLinuxPolicy.set_sos_prefix_sr4cy)zcIf a host requires additional cleanup, the command should be set and returned here rr6r[s r3set_cleanup_cmdzLinuxPolicy.set_cleanup_cmdhsr4cy)aIReturns the command that will create the container that will be used for running commands inside a container on hosts that require it. This will use the container runtime defined for the host type to launch a container. From there, we use the defined runtime to exec into the container's namespace. :param image: The name of the image if not using the policy default :type image: ``str`` or ``None`` :param auth: The auth string required by the runtime to pull an image from the registry :type auth: ``str`` or ``None`` :param force_pull: Should the runtime forcibly pull the image :type force_pull: ``bool`` :returns: The command to execute to launch the temp container :rtype: ``str`` rr6)r-imageauth force_pulls r3create_sos_containerz LinuxPolicy.create_sos_containeros*r4c8|jd|jS)aRestarts the container created for sos collect if it has stopped. This is called immediately after create_sos_container() as the command to create the container will exit and the container will stop. For current container runtimes, subsequently starting the container will default to opening a bash shell in the container to keep it running, thus allowing us to exec into it again. z start container_runtimesos_container_namer[s r3restart_sos_containerz!LinuxPolicy.restart_sos_containers#(()1H1H0IJJr4cZ|jr|jd|jd|S|S)aReturns the command that allows us to exec into the created container for sos collect. :param cmd: The command to run in the sos container :type cmd: ``str`` :returns: The command to execute to run `cmd` in the container :rtype: ``str`` z exec rxr)r-cmds r3format_container_commandz$LinuxPolicy.format_container_commands<  ! !--.fT5L5L4MQe  r4)NNTNr)NNF).__name__ __module__ __qualname__rzvendorr|r.rOr>r?r{r)_preferred_hash_name containerizedcontainer_imagesos_path_strip sos_pkg_name sos_bin_pathrcontainer_version_commandcontainer_authfiler classmethodr8rWr\r`rcrfrhrlrsrnrpr r!rrrrrrrrr __classcell__)r2s@r3rr#s.- F *D DOOMK (MONLL, $>B!'AR  ,,8 4--  ((T"91v = M>. Kr4rc0eZdZdZdgZdZdZeddZy)GenericLinuxPolicyzThis Policy will be returned if no other policy can be loaded. This should allow for IndependentPlugins to be executed on any system)zUpstream Projectz https://github.com/sosreport/sosSoSaSoS was unable to determine that the distribution of this system is supported, and has loaded a generic configuration. This may not provide desired behavior, and users are encouraged to request a new distribution-specifc policy at the GitHub project above. ct)r:)NotImplementedError)r7rUs r3rWzGenericLinuxPolicy.checks "!r4Nr) rrrrzr~r vendor_textrrWr6r4r3rrs3HLLK Frs\ 09;??933  }&}@ ""r4