From db3f4cf56bb8f8782ada99df64f435decf5c99fa Mon Sep 17 00:00:00 2001 From: Arif Ali Date: Fri, 9 Feb 2024 19:54:52 +0000 Subject: [PATCH] [lxd] Fix predicate for lxc commands collection for snap The list of modules was too broad, and depending on the different attributes configured the list of modules to be loaded could also be different. Liaising with the LXD team suggested to check for the `snap.lxd.daemon` service rather then the modules to collect `lxd.buginfo`. This is due to the fact that LXD is socket activated, and running any lxd based command could start the service and hence load the modules. Gating this with either the `snap.lxd.daemon` for snap or `lxd` service for debs respectively should prevent this from happening. This also no obfuscates the certificate that is retrieved from `lxd.buginfo` Resolves: SET-377 Signed-off-by: Arif Ali --- sos/report/plugins/lxd.py | 30 ++++++++++-------------------- 1 file changed, 10 insertions(+), 20 deletions(-) diff --git a/sos/report/plugins/lxd.py b/sos/report/plugins/lxd.py index 994092e88a..6df20dffd8 100644 --- a/sos/report/plugins/lxd.py +++ b/sos/report/plugins/lxd.py @@ -18,31 +18,16 @@ class LXD(Plugin, UbuntuPlugin): profiles = ('container',) packages = ('lxd',) commands = ('lxc', 'lxd',) + services = ('snap.lxd.daemon', 'snap.lxd.activate') def setup(self): - lxd_kmods = [ - 'bpfilter', - 'ebtable_filter', - 'ebtables', - 'ip6table_filter', - 'ip6table_mangle', - 'ip6table_nat', - 'ip6table_raw', - 'ip6_tables', - 'iptable_filter', - 'iptable_mangle', - 'iptable_nat', - 'iptable_raw', - 'nf_nat', - 'nf_tables', - ] - - lxd_pred = SoSPredicate(self, kmods=lxd_kmods, - required={'kmods': 'all'}) - lxd_pkg = self.policy.package_manager.pkg_by_name('lxd') if lxd_pkg and lxd_pkg['pkg_manager'] == 'snap': + + lxd_pred = SoSPredicate(self, services=['snap.lxd.daemon'], + required={'services': 'all'}) + self.add_cmd_output("lxd.buginfo", pred=lxd_pred) self.add_copy_spec([ @@ -62,6 +47,8 @@ def setup(self): '/var/snap/lxd/common/lxd/logs/**', ]) else: + lxd_pred = SoSPredicate(self, services=['lxd'], + required={'services': 'all'}) self.add_copy_spec([ "/etc/default/lxd-bridge", "/var/log/lxd/*" @@ -79,4 +66,7 @@ def setup(self): "find /var/lib/lxd -maxdepth 2 -type d -ls", ], suggest_filename='var-lxd-dirs.txt') + def postproc(self): + self.do_cmd_private_sub('lxd.buginfo') + # vim: set et ts=4 sw=4 :