From 4d0b60593b12605c935169c75ec1a6982b6930d8 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 28 Mar 2023 11:33:50 +0000 Subject: [PATCH] import pcp-6.0.1-4.el9 --- .gitignore | 2 +- .pcp.metadata | 2 +- ...illa-1981886-pmdasockets-backporting.patch | 459 ------------------ ...-bugzilla-2059461-pmie-systemd-fixup.patch | 11 - ...-bugzilla-2059463-pmdapostfix-harden.patch | 146 ------ ...ugzilla-2081262-pmdaproc-cgroups-fix.patch | 44 -- ...t-bugzilla-2117074-ppc_arm_vmlinux.h.patch | 88 ++++ ...-bugzilla-2117074-vendored_vmlinux.h.patch | 19 + SPECS/pcp.spec | 210 ++++---- 9 files changed, 231 insertions(+), 750 deletions(-) delete mode 100644 SOURCES/redhat-bugzilla-1981886-pmdasockets-backporting.patch delete mode 100644 SOURCES/redhat-bugzilla-2059461-pmie-systemd-fixup.patch delete mode 100644 SOURCES/redhat-bugzilla-2059463-pmdapostfix-harden.patch delete mode 100644 SOURCES/redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch create mode 100644 SOURCES/redhat-bugzilla-2117074-ppc_arm_vmlinux.h.patch create mode 100644 SOURCES/redhat-bugzilla-2117074-vendored_vmlinux.h.patch diff --git a/.gitignore b/.gitignore index 052fd3e..de3f2f2 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/pcp-5.3.7.src.tar.gz +SOURCES/pcp-6.0.1.src.tar.gz diff --git a/.pcp.metadata b/.pcp.metadata index e64a399..311607a 100644 --- a/.pcp.metadata +++ b/.pcp.metadata @@ -1 +1 @@ -a0a05bf501b016cb859fb211ae60ce18be2bbd99 SOURCES/pcp-5.3.7.src.tar.gz +4f405e26a6c651b2f094134e0648cd5fd201d310 SOURCES/pcp-6.0.1.src.tar.gz diff --git a/SOURCES/redhat-bugzilla-1981886-pmdasockets-backporting.patch b/SOURCES/redhat-bugzilla-1981886-pmdasockets-backporting.patch deleted file mode 100644 index bdcc5d4..0000000 --- a/SOURCES/redhat-bugzilla-1981886-pmdasockets-backporting.patch +++ /dev/null @@ -1,459 +0,0 @@ -diff --git a/qa/1927 b/qa/1927 -new file mode 100755 -index 000000000..46afa9509 ---- /dev/null -+++ b/qa/1927 -@@ -0,0 +1,88 @@ -+#!/bin/sh -+# PCP QA Test No. 1927 -+# Exercise the sockets PMDA Install/Remove and string metric bug. -+# -+# Copyright (c) 2022 Red Hat. All Rights Reserved. -+# -+ -+seq=`basename $0` -+echo "QA output created by $seq" -+ -+# get standard environment, filters and checks -+. ./common.product -+. ./common.filter -+. ./common.check -+ -+[ -f $PCP_PMDAS_DIR/sockets/pmdasockets ] || _notrun "sockets pmda not installed" -+ -+_cleanup() -+{ -+ cd $here -+ $sudo rm -rf $tmp $tmp.* -+} -+ -+status=0 # success is the default! -+$sudo rm -rf $tmp $tmp.* $seq.full -+ -+_filter_sockets() -+{ -+ grep -v 'No value(s) available' -+} -+ -+pmdasockets_remove() -+{ -+ echo -+ echo "=== remove sockets agent ===" -+ $sudo ./Remove >$tmp.out 2>&1 -+ _filter_pmda_remove <$tmp.out -+} -+ -+pmdasockets_install() -+{ -+ # start from known starting points -+ cd $PCP_PMDAS_DIR/sockets -+ $sudo ./Remove >/dev/null 2>&1 -+ -+ echo -+ echo "=== sockets agent installation ===" -+ $sudo ./Install $tmp.out 2>&1 -+ cat $tmp.out >>$here/$seq.full -+ # Check sockets metrics have appeared ... X metrics and Y values -+ _filter_pmda_install <$tmp.out \ -+ | sed \ -+ -e 's/[0-9][0-9]* warnings, //' \ -+ | $PCP_AWK_PROG ' -+/Check network.persocket metrics have appeared/ { -+ if ($7 >= 50 && $7 <= 99) $7 = "X" -+ if ($10 >= 0) $10 = "Y" -+ } -+ { print }' -+} -+ -+_prepare_pmda sockets -+# note: _restore_auto_restart pmcd done in _cleanup_pmda() -+trap "_cleanup_pmda sockets; exit \$status" 0 1 2 3 15 -+ -+_stop_auto_restart pmcd -+ -+# real QA test starts here -+pmdasockets_install -+ -+# pmcd should have been started by the Install process - check -+if pminfo -v network.persocket > $tmp.info 2> $tmp.err -+then -+ : -+else -+ echo "... failed! ... here is the Install log ..." -+ cat $tmp.out -+fi -+cat $tmp.info $tmp.err | _filter_sockets -+ -+echo "Check the values for v6only metric are 0 or 1 ..." -+pminfo -f network.persocket.v6only | egrep -v 'value [01]$' | sed -e '/^$/d' -+ -+pmdasockets_remove -+status=0 -+ -+# success, all done -+exit -diff --git a/qa/1927.out b/qa/1927.out -new file mode 100644 -index 000000000..2ae4385fd ---- /dev/null -+++ b/qa/1927.out -@@ -0,0 +1,17 @@ -+QA output created by 1927 -+ -+=== sockets agent installation === -+Updating the Performance Metrics Name Space (PMNS) ... -+Terminate PMDA if already installed ... -+[...install files, make output...] -+Updating the PMCD control file, and notifying PMCD ... -+Check network.persocket metrics have appeared ... X metrics and Y values -+Check the values for v6only metric are 0 or 1 ... -+network.persocket.v6only -+ -+=== remove sockets agent === -+Culling the Performance Metrics Name Space ... -+network.persocket ... done -+Updating the PMCD control file, and notifying PMCD ... -+[...removing files...] -+Check network.persocket metrics have gone away ... OK -diff --git a/qa/group b/qa/group -index acfc5d208..846c0c4bd 100644 ---- a/qa/group -+++ b/qa/group -@@ -1967,6 +1967,7 @@ x11 - 1901 pmlogger local - 1902 help local - 1914 atop local -+1927 pmda.sockets local - 1937 pmlogrewrite pmda.xfs local - 1955 libpcp pmda pmda.pmcd local - 1956 pmda.linux pmcd local -diff --git a/src/pmdas/linux_sockets/pmda.c b/src/pmdas/linux_sockets/pmda.c -index d10eacf29..5a3018d8a 100644 ---- a/src/pmdas/linux_sockets/pmda.c -+++ b/src/pmdas/linux_sockets/pmda.c -@@ -1,7 +1,7 @@ - /* - * Sockets PMDA - * -- * Copyright (c) 2021 Red Hat. -+ * Copyright (c) 2021-2022 Red Hat. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the -@@ -14,6 +14,7 @@ - * for more details. - */ - -+#include - #include "pmapi.h" - #include "pmda.h" - -@@ -147,6 +148,31 @@ sockets_fetchCallBack(pmdaMetric *metric, unsigned int inst, pmAtomValue *atom) - return PMDA_FETCH_STATIC; - } - -+/* -+ * Restrict the allowed filter strings to only limited special -+ * characters (open and close brackets - everthing else can be -+ * done with alphanumerics) to limit any attack surface here. -+ * The ss filtering language is more complex than we ever want -+ * to be attempting to parse ourself, so we leave that side of -+ * things to the ss command itself. -+ */ -+int -+sockets_check_filter(const char *string) -+{ -+ const char *p; -+ -+ for (p = string; *p; p++) { -+ if (isspace(*p)) -+ continue; -+ if (isalnum(*p)) -+ continue; -+ if (*p == '(' || *p == ')') -+ continue; -+ return 0; /* disallow */ -+ } -+ return 1; -+} -+ - static int - sockets_store(pmResult *result, pmdaExt *pmda) - { -@@ -165,9 +191,14 @@ sockets_store(pmResult *result, pmdaExt *pmda) - case 0: /* network.persocket.filter */ - if ((sts = pmExtractValue(vsp->valfmt, &vsp->vlist[0], - PM_TYPE_STRING, &av, PM_TYPE_STRING)) >= 0) { -+ if (sockets_check_filter(av.cp)) { -+ sts = PM_ERR_BADSTORE; -+ free(av.cp); -+ break; -+ } - if (ss_filter) - free(ss_filter); -- ss_filter = av.cp; /* TODO filter syntax check */ -+ ss_filter = av.cp; - } - break; - default: -diff --git a/src/pmdas/linux_sockets/ss_parse.c b/src/pmdas/linux_sockets/ss_parse.c -index 94c5e16e9..9f3afc691 100644 ---- a/src/pmdas/linux_sockets/ss_parse.c -+++ b/src/pmdas/linux_sockets/ss_parse.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2021 Red Hat. -+ * Copyright (c) 2021-2022 Red Hat. - * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the -@@ -21,65 +21,70 @@ static ss_stats_t ss_p; - /* boolean value with no separate value, default 0 */ - #define PM_TYPE_BOOL (PM_TYPE_UNKNOWN-1) - -+/* helper macros to extract field address and size */ -+#define SSFIELD(str,type,f) {(str), (sizeof(str)-1), type, (&(f)), (sizeof(f))} -+#define SSNULLFIELD(str) {(str), (sizeof(str)-1), PM_TYPE_UNKNOWN, NULL} -+ - static struct { - char *field; - int len; - int type; - void *addr; -+ int size; - int found; - } parse_table[] = { -- { "timer:", 6, PM_TYPE_STRING, &ss_p.timer_str }, -- { "uid:", 4, PM_TYPE_U32, &ss_p.uid }, -- { "ino:", 4, PM_TYPE_64, &ss_p.inode }, -- { "sk:", 3, PM_TYPE_U64, &ss_p.sk }, -- { "cgroup:", 7, PM_TYPE_STRING, &ss_p.cgroup }, -- { "v6only:", 7, PM_TYPE_32, &ss_p.v6only }, -- { "--- ", 4, PM_TYPE_UNKNOWN, NULL }, -- { "<-> ", 4, PM_TYPE_UNKNOWN, NULL }, -- { "--> ", 4, PM_TYPE_UNKNOWN, NULL }, -- { "skmem:", 6, PM_TYPE_STRING, &ss_p.skmem_str, }, -- { "ts ", 3, PM_TYPE_BOOL, &ss_p.ts }, -- { "sack ", 5, PM_TYPE_BOOL, &ss_p.sack }, -- { "cubic ", 6, PM_TYPE_BOOL, &ss_p.cubic }, -- { "wscale:", 7, PM_TYPE_STRING, &ss_p.wscale_str }, -- { "rto:", 4, PM_TYPE_DOUBLE, &ss_p.rto }, -- { "rtt:", 4, PM_TYPE_STRING, &ss_p.round_trip_str }, -- { "ato:", 4, PM_TYPE_DOUBLE, &ss_p.ato }, -- { "backoff:", 8, PM_TYPE_32, &ss_p.backoff }, -- { "mss:", 4, PM_TYPE_U32, &ss_p.mss }, -- { "pmtu:", 5, PM_TYPE_U32, &ss_p.pmtu }, -- { "rcvmss:", 7, PM_TYPE_U32, &ss_p.rcvmss }, -- { "advmss:", 7, PM_TYPE_U32, &ss_p.advmss }, -- { "cwnd:", 5, PM_TYPE_U32, &ss_p.cwnd }, -- { "lost:", 5, PM_TYPE_32, &ss_p.lost }, -- { "ssthresh:", 9, PM_TYPE_U32, &ss_p.ssthresh }, -- { "bytes_sent:", 11, PM_TYPE_U64, &ss_p.bytes_sent }, -- { "bytes_retrans:", 14, PM_TYPE_U64, &ss_p.bytes_retrans }, -- { "bytes_acked:", 12, PM_TYPE_U64, &ss_p.bytes_acked }, -- { "bytes_received:", 15, PM_TYPE_U64, &ss_p.bytes_received }, -- { "segs_out:", 9, PM_TYPE_U32, &ss_p.segs_out }, -- { "segs_in:", 8, PM_TYPE_U32, &ss_p.segs_in }, -- { "data_segs_out:", 14, PM_TYPE_U32, &ss_p.data_segs_out }, -- { "data_segs_in:", 13, PM_TYPE_U32, &ss_p.data_segs_in }, -- { "send ", 5, PM_TYPE_DOUBLE, &ss_p.send }, /* no ':' */ -- { "lastsnd:", 8, PM_TYPE_U32, &ss_p.lastsnd }, -- { "lastrcv:", 8, PM_TYPE_U32, &ss_p.lastrcv }, -- { "lastack:", 8, PM_TYPE_U32, &ss_p.lastack }, -- { "pacing_rate ", 12, PM_TYPE_DOUBLE, &ss_p.pacing_rate }, /* no ':' */ -- { "delivery_rate ", 14, PM_TYPE_DOUBLE, &ss_p.delivery_rate }, /* no ':' */ -- { "delivered:", 10, PM_TYPE_U32, &ss_p.delivered }, -- { "app_limited ", 12, PM_TYPE_BOOL, &ss_p.app_limited }, -- { "reord_seen:", 11, PM_TYPE_32, &ss_p.reord_seen }, -- { "busy:", 5, PM_TYPE_U64, &ss_p.busy }, -- { "unacked:", 8, PM_TYPE_32, &ss_p.unacked }, -- { "rwnd_limited:", 13, PM_TYPE_U64, &ss_p.rwnd_limited }, -- { "retrans:", 8, PM_TYPE_STRING, &ss_p.retrans_str }, -- { "dsack_dups:", 11, PM_TYPE_U32, &ss_p.dsack_dups }, -- { "rcv_rtt:", 8, PM_TYPE_DOUBLE, &ss_p.rcv_rtt }, -- { "rcv_space:", 10, PM_TYPE_32, &ss_p.rcv_space }, -- { "rcv_ssthresh:", 13, PM_TYPE_32, &ss_p.rcv_ssthresh }, -- { "minrtt:", 7, PM_TYPE_DOUBLE, &ss_p.minrtt }, -- { "notsent:", 8, PM_TYPE_U32, &ss_p.notsent }, -+ SSFIELD("timer:", PM_TYPE_STRING, ss_p.timer_str), -+ SSFIELD("uid:", PM_TYPE_U32, ss_p.uid), -+ SSFIELD("ino:", PM_TYPE_64, ss_p.inode), -+ SSFIELD("sk:", PM_TYPE_U64, ss_p.sk), -+ SSFIELD("cgroup:", PM_TYPE_STRING, ss_p.cgroup), -+ SSFIELD("v6only:", PM_TYPE_32, ss_p.v6only), -+ SSNULLFIELD("--- "), -+ SSNULLFIELD("<-> "), -+ SSNULLFIELD("--> "), -+ SSFIELD("skmem:", PM_TYPE_STRING, ss_p.skmem_str), -+ SSFIELD("ts ", PM_TYPE_BOOL, ss_p.ts), -+ SSFIELD("sack ", PM_TYPE_BOOL, ss_p.sack), -+ SSFIELD("cubic ", PM_TYPE_BOOL, ss_p.cubic), -+ SSFIELD("wscale:", PM_TYPE_STRING, ss_p.wscale_str), -+ SSFIELD("rto:", PM_TYPE_DOUBLE, ss_p.rto), -+ SSFIELD("rtt:", PM_TYPE_STRING, ss_p.round_trip_str), -+ SSFIELD("ato:", PM_TYPE_DOUBLE, ss_p.ato), -+ SSFIELD("backoff:", PM_TYPE_32, ss_p.backoff), -+ SSFIELD("mss:", PM_TYPE_U32, ss_p.mss), -+ SSFIELD("pmtu:", PM_TYPE_U32, ss_p.pmtu), -+ SSFIELD("rcvmss:", PM_TYPE_U32, ss_p.rcvmss), -+ SSFIELD("advmss:", PM_TYPE_U32, ss_p.advmss), -+ SSFIELD("cwnd:", PM_TYPE_U32, ss_p.cwnd), -+ SSFIELD("lost:", PM_TYPE_32, ss_p.lost), -+ SSFIELD("ssthresh:", PM_TYPE_U32, ss_p.ssthresh), -+ SSFIELD("bytes_sent:", PM_TYPE_U64, ss_p.bytes_sent), -+ SSFIELD("bytes_retrans:", PM_TYPE_U64, ss_p.bytes_retrans), -+ SSFIELD("bytes_acked:", PM_TYPE_U64, ss_p.bytes_acked), -+ SSFIELD("bytes_received:", PM_TYPE_U64, ss_p.bytes_received), -+ SSFIELD("segs_out:", PM_TYPE_U32, ss_p.segs_out), -+ SSFIELD("segs_in:", PM_TYPE_U32, ss_p.segs_in), -+ SSFIELD("data_segs_out:", PM_TYPE_U32, ss_p.data_segs_out), -+ SSFIELD("data_segs_in:", PM_TYPE_U32, ss_p.data_segs_in), -+ SSFIELD("send ", PM_TYPE_DOUBLE, ss_p.send), /* no ':' */ -+ SSFIELD("lastsnd:", PM_TYPE_U32, ss_p.lastsnd), -+ SSFIELD("lastrcv:", PM_TYPE_U32, ss_p.lastrcv), -+ SSFIELD("lastack:", PM_TYPE_U32, ss_p.lastack), -+ SSFIELD("pacing_rate ", PM_TYPE_DOUBLE, ss_p.pacing_rate), /* no ':' */ -+ SSFIELD("delivery_rate ", PM_TYPE_DOUBLE, ss_p.delivery_rate), /* no ':' */ -+ SSFIELD("delivered:", PM_TYPE_U32, ss_p.delivered), -+ SSFIELD("app_limited ", PM_TYPE_BOOL, ss_p.app_limited), -+ SSFIELD("reord_seen:", PM_TYPE_32, ss_p.reord_seen), -+ SSFIELD("busy:", PM_TYPE_U64, ss_p.busy), -+ SSFIELD("unacked:", PM_TYPE_32, ss_p.unacked), -+ SSFIELD("rwnd_limited:", PM_TYPE_U64, ss_p.rwnd_limited), -+ SSFIELD("retrans:", PM_TYPE_STRING, ss_p.retrans_str), -+ SSFIELD("dsack_dups:", PM_TYPE_U32, ss_p.dsack_dups), -+ SSFIELD("rcv_rtt:", PM_TYPE_DOUBLE, ss_p.rcv_rtt), -+ SSFIELD("rcv_space:", PM_TYPE_32, ss_p.rcv_space), -+ SSFIELD("rcv_ssthresh:", PM_TYPE_32, ss_p.rcv_ssthresh), -+ SSFIELD("minrtt:", PM_TYPE_DOUBLE, ss_p.minrtt), -+ SSFIELD("notsent:", PM_TYPE_U32, ss_p.notsent), - - { NULL } - }; -@@ -225,8 +230,11 @@ ss_parse(char *line, int has_state_field, ss_stats_t *ss) - if (*p == '(') - p++; - r = (char *)parse_table[i].addr; -- for (s=p; *s && *s != ' ' && *s != '\n' && *s != ')'; s++) -- *r++ = *s; /* TODO check r len */ -+ for (s=p; *s && *s != ' ' && *s != '\n' && *s != ')'; s++) { -+ *r++ = *s; -+ if (r - (char *)parse_table[i].addr >= parse_table[i].size - 1) -+ break; -+ } - *r = '\0'; - break; - case PM_TYPE_32: -diff --git a/src/pmdas/linux_sockets/ss_stats.h b/src/pmdas/linux_sockets/ss_stats.h -index 183db5afa..009a00cd9 100644 ---- a/src/pmdas/linux_sockets/ss_stats.h -+++ b/src/pmdas/linux_sockets/ss_stats.h -@@ -1,11 +1,11 @@ - /* -- * Copyright (c) 2021 Red Hat. -- * -+ * Copyright (c) 2021-2022 Red Hat. -+ * - * This program is free software; you can redistribute it and/or modify it - * under the terms of the GNU General Public License as published by the - * Free Software Foundation; either version 2 of the License, or (at your - * option) any later version. -- * -+ * - * This program is distributed in the hope that it will be useful, but - * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY - * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -@@ -26,7 +26,7 @@ typedef struct ss_stats { - __int32_t timer_retrans; - __uint32_t uid; - __uint64_t sk; -- char cgroup[64]; -+ char cgroup[128]; - __int32_t v6only; - char skmem_str[64]; - __int32_t skmem_rmem_alloc; -commit 77ba20d5e76ada83283a262dd2083b2fc284b5f8 -Author: Nathan Scott -Date: Thu May 5 09:33:46 2022 +1000 - - selinux: policy updates needed for the pmdasockets metrics - - Thanks to Jan Kurík and Miloš Malík we have the additional - selinux policy requirements - without these we see QE test - failures for this agent with pcp-ss(1) on RHEL. - - Related to Red Hat BZ #1981886. - -diff --git a/qa/917.out.in b/qa/917.out.in -index 3bd1dc15e..6a4356a12 100644 ---- a/qa/917.out.in -+++ b/qa/917.out.in -@@ -154,9 +154,9 @@ Checking policies. - # -- end logging_watch_journal_dirs(pcp_domain) expansion - allow [pcp_pmcd_t] [cluster_tmpfs_t] : [file] { write }; - allow [pcp_pmcd_t] [drbd_exec_t] : [file] { execute execute_no_trans }; -- allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read }; -- allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans }; -- allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { bind create getattr nlmsg_read setopt }; -+! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read }; -+! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans }; -+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; - allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write }; - allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl }; - allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read }; -diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs -index 1a1b1428c..1462c5ccb 100644 ---- a/src/selinux/GNUlocaldefs -+++ b/src/selinux/GNUlocaldefs -@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket { - endif - - ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true" --PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };" --PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };" -+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };" -+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };" - endif - - ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true" -commit a6222992fe5f97f94bdddd928ce9557be1918bfd -Author: Jan Kurik -Date: Fri May 6 08:04:46 2022 +1000 - - selinux: fine-tune netlink_tcpdiag_socket policy for all platforms - - Previous policy set did not apply correctly on ppc64le and aarch64 - architectures. After some tweaking the following set of permissions - was found to work on all the supported architectures and fixes the - behavior of the sockets PMDA. - - Related to Red Hat BZ #1981886. - -diff --git a/qa/917.out.in b/qa/917.out.in -index 6a4356a12..723193aa2 100644 ---- a/qa/917.out.in -+++ b/qa/917.out.in -@@ -156,7 +156,7 @@ Checking policies. - allow [pcp_pmcd_t] [drbd_exec_t] : [file] { execute execute_no_trans }; - ! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read }; - ! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans }; --! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write }; -+! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write }; - allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write }; - allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl }; - allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read }; -diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs -index 1462c5ccb..9733aead9 100644 ---- a/src/selinux/GNUlocaldefs -+++ b/src/selinux/GNUlocaldefs -@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket { - endif - - ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true" --PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };" --PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };" -+PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };" -+PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock nlmsg_read nlmsg_write read setattr setopt shutdown write };" - endif - - ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true" diff --git a/SOURCES/redhat-bugzilla-2059461-pmie-systemd-fixup.patch b/SOURCES/redhat-bugzilla-2059461-pmie-systemd-fixup.patch deleted file mode 100644 index b3190a7..0000000 --- a/SOURCES/redhat-bugzilla-2059461-pmie-systemd-fixup.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -Naurp pcp-5.3.7.orig/src/pmie/GNUmakefile pcp-5.3.7/src/pmie/GNUmakefile ---- pcp-5.3.7.orig/src/pmie/GNUmakefile 2022-02-02 11:53:05.000000000 +1100 -+++ pcp-5.3.7/src/pmie/GNUmakefile 2022-05-03 11:45:12.108743480 +1000 -@@ -80,6 +80,7 @@ pmie.service : pmie.service.in - $(SED) <$< >$@ \ - -e 's;@PCP_RC_DIR@;'$(PCP_RC_DIR)';' \ - -e 's;@PCP_RUN_DIR@;'$(PCP_RUN_DIR)';' \ -+ -e 's;@PCP_SYSCONFIG_DIR@;'$(PCP_SYSCONFIG_DIR)';' \ - # END - - pmie_farm.service : pmie_farm.service.in diff --git a/SOURCES/redhat-bugzilla-2059463-pmdapostfix-harden.patch b/SOURCES/redhat-bugzilla-2059463-pmdapostfix-harden.patch deleted file mode 100644 index 73236d6..0000000 --- a/SOURCES/redhat-bugzilla-2059463-pmdapostfix-harden.patch +++ /dev/null @@ -1,146 +0,0 @@ -commit f54eddf494e474531e5af609bcc376037a918977 -Author: Nathan Scott -Date: Tue Apr 26 14:32:59 2022 +1000 - - pmdapostfix: harden against a not-yet-running postfix - - Ensure the postfix PMDA can start and service requests even - if postfix is not yet started. - -diff --git a/src/perl/PMDA/local.c b/src/perl/PMDA/local.c -index e223bde7a..33130bc5d 100644 ---- a/src/perl/PMDA/local.c -+++ b/src/perl/PMDA/local.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2012-2017 Red Hat. -+ * Copyright (c) 2012-2017,2022 Red Hat. - * Copyright (c) 2008-2011 Aconex. All Rights Reserved. - * - * This program is free software; you can redistribute it and/or modify it -@@ -139,18 +139,15 @@ int - local_tail(char *file, scalar_t *callback, int cookie) - { - int fd = open(file, O_RDONLY | O_NDELAY); -- struct stat stats; -+ struct stat stats = {0}; - int me; - -- if (fd < 0) { -- pmNotifyErr(LOG_ERR, "open failed (%s): %s", file, osstrerror()); -- exit(1); -- } -- if (fstat(fd, &stats) < 0) { -- pmNotifyErr(LOG_ERR, "fstat failed (%s): %s", file, osstrerror()); -- exit(1); -- } -- lseek(fd, 0L, SEEK_END); -+ if (fd < 0) -+ pmNotifyErr(LOG_INFO, "open failed (%s): %s", file, osstrerror()); -+ else if (fstat(fd, &stats) < 0) -+ pmNotifyErr(LOG_INFO, "fstat failed (%s): %s", file, osstrerror()); -+ else -+ lseek(fd, 0L, SEEK_END); - me = local_file(FILE_TAIL, fd, callback, cookie); - files[me].me.tail.path = strdup(file); - files[me].me.tail.dev = stats.st_dev; -@@ -416,10 +413,11 @@ local_pmdaMain(pmdaInterface *self) - } - - for (i = 0; i < nfiles; i++) { -- fd = files[i].fd; - /* check for log rotation or host reconnection needed */ - if ((count % 10) == 0) /* but only once every 10 */ - local_connection(&files[i]); -+ if ((fd = files[i].fd) < 0) -+ continue; - if (files[i].type != FILE_TAIL && !(__pmFD_ISSET(fd, &readyfds))) - continue; - offset = 0; -@@ -431,21 +429,16 @@ multiread: - (oserror() == EAGAIN) || - (oserror() == EWOULDBLOCK))) - continue; -- if (files[i].type == FILE_SOCK) { -- close(files[i].fd); -- files[i].fd = -1; -- continue; -- } -- pmNotifyErr(LOG_ERR, "Data read error on %s: %s\n", -- local_filetype(files[i].type), osstrerror()); -- exit(1); -+ close(files[i].fd); -+ files[i].fd = -1; -+ continue; - } - if (bytes == 0) { - if (files[i].type == FILE_TAIL) - continue; -- pmNotifyErr(LOG_ERR, "No data to read - %s may be closed\n", -- local_filetype(files[i].type)); -- exit(1); -+ close(files[i].fd); -+ files[i].fd = -1; -+ continue; - } - /* - * good read ... data up to buffer + offset + bytes is all OK -diff --git a/src/pmdas/postfix/pmdapostfix.pl b/src/pmdas/postfix/pmdapostfix.pl -index ac46816bc..d6d3f4d3a 100644 ---- a/src/pmdas/postfix/pmdapostfix.pl -+++ b/src/pmdas/postfix/pmdapostfix.pl -@@ -1,5 +1,5 @@ - # --# Copyright (c) 2012-2015 Red Hat. -+# Copyright (c) 2012-2015,2022 Red Hat. - # Copyright (c) 2009-2010 Josef 'Jeff' Sipek - # - # This program is free software; you can redistribute it and/or modify it -@@ -56,8 +56,6 @@ my @postfix_received_dom = ( - 1 => 'smtp', - ); - --my $setup = defined($ENV{'PCP_PERL_PMNS'}) || defined($ENV{'PCP_PERL_DOMAIN'}); -- - sub postfix_do_refresh - { - QUEUE: -@@ -212,7 +210,7 @@ $logstats{"received"}{1} = 0; - - # Note: - # Environment variables. --# $PMDA_POSTFIX_QSHAPE: alternative executable qshape scrpipt (for QA) -+# $PMDA_POSTFIX_QSHAPE: alternative executable qshape script (for QA) - # ... over-rides default and command line argument. - # ... over-rides default arguments -b 10 -t $refresh - # $PMDA_POSTFIX_REFRESH: alternative refresh rate (for QA) -@@ -228,7 +226,7 @@ if (defined($ENV{'PMDA_POSTFIX_QSHAPE'})) { - $qshape = $ENV{'PMDA_POSTFIX_QSHAPE'}; - $qshape_args = ''; - } --if (!$setup) { $pmda->log("qshape cmd: $qshape $qshape_args "); } -+unless (pmda_install()) { $pmda->log("qshape cmd: $qshape $qshape_args "); } - - if (defined($ENV{'PMDA_POSTFIX_REFRESH'})) { $refresh = $ENV{'PMDA_POSTFIX_REFRESH'}; } - -@@ -238,12 +236,15 @@ foreach my $file ( @logfiles ) { - } - } - if (defined($ENV{'PMDA_POSTFIX_LOG'})) { $logfile = $ENV{'PMDA_POSTFIX_LOG'}; } --unless(defined($logfile)) --{ -- $pmda->log("Fatal: No Postfix log file found in: @logfiles"); -- die 'No Postfix log file found'; -+unless (pmda_install()) { -+ if (defined($logfile)) { -+ $pmda->log("logfile: $logfile"); -+ } else { -+ $pmda->log("Warning: assuming logfile: $logfiles[0] as no Postfix log found yet from: @logfiles"); -+ } - } --if (!$setup) { $pmda->log("logfile: $logfile"); } -+# set a good default if none found, before continuing -+unless (defined($logfile)) { $logfile = $logfiles[0]; } - - $pmda->add_indom($postfix_queues_indom, \@postfix_queues_dom, '', ''); - $pmda->add_indom($postfix_sent_indom, \@postfix_sent_dom, '', ''); diff --git a/SOURCES/redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch b/SOURCES/redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch deleted file mode 100644 index 77256ef..0000000 --- a/SOURCES/redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch +++ /dev/null @@ -1,44 +0,0 @@ -commit d874d2e486c8a64fa9945ed7aa0048cccbd46f77 -Author: Nathan Scott -Date: Wed May 4 17:11:19 2022 +1000 - - pmdaproc: fix cgroup cpu metrics refresh structures - - Jan Kurik encountered this issue when running the regression - testsuite (especially qa/359) on non-x86_64 architectures. - - Something must've changed in the toolchain recently on these - platforms since we've not seen this before, but this bug has - been in our code for some time. It works everywhere else by - good fortune, when there just happen to be NULLs after these - cgroups CPU parsing data structures. - - Resolves Red Hat BZ #2081262. - -diff --git a/src/pmdas/linux_proc/cgroups.c b/src/pmdas/linux_proc/cgroups.c -index 413a72343..26d59863a 100644 ---- a/src/pmdas/linux_proc/cgroups.c -+++ b/src/pmdas/linux_proc/cgroups.c -@@ -1,5 +1,5 @@ - /* -- * Copyright (c) 2012-2019 Red Hat. -+ * Copyright (c) 2012-2019,2022 Red Hat. - * Copyright (c) 2010 Aconex. All Rights Reserved. - * - * This program is free software; you can redistribute it and/or modify it -@@ -863,6 +863,7 @@ read_cpu_time(const char *file, cgroup_cputime_t *ccp) - { "usage_usec", &cputime.usage }, - { "user_usec", &cputime.user }, - { "system_usec", &cputime.system }, -+ { NULL, NULL } - }; - char buffer[4096], name[64]; - unsigned long long value; -@@ -903,6 +904,7 @@ read_cpu_stats(const char *file, cgroup_cpustat_t *ccp) - { "nr_periods", &cpustat.nr_periods }, - { "nr_throttled", &cpustat.nr_throttled }, - { "throttled_time", &cpustat.throttled_time }, -+ { NULL, NULL } - }; - char buffer[4096], name[64]; - unsigned long long value; diff --git a/SOURCES/redhat-bugzilla-2117074-ppc_arm_vmlinux.h.patch b/SOURCES/redhat-bugzilla-2117074-ppc_arm_vmlinux.h.patch new file mode 100644 index 0000000..90ecd66 --- /dev/null +++ b/SOURCES/redhat-bugzilla-2117074-ppc_arm_vmlinux.h.patch @@ -0,0 +1,88 @@ +diff --git a/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h b/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h +index f84b1347bf..3c032f5230 100644 +--- a/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h ++++ b/vendor/github.com/iovisor/bcc/libbpf-tools/arm64/vmlinux_510.h +@@ -1678,6 +1678,7 @@ struct perf_event { + int pending_wakeup; + int pending_kill; + int pending_disable; ++ long unsigned int pending_addr; + struct irq_work pending; + atomic_t event_limit; + struct perf_addr_filters_head addr_filters; +@@ -1693,6 +1694,7 @@ struct perf_event { + void *overflow_handler_context; + perf_overflow_handler_t orig_overflow_handler; + struct bpf_prog *prog; ++ u64 bpf_cookie; + struct trace_event_call *tp_event; + struct event_filter *filter; + struct ftrace_ops ftrace_ops; +@@ -26070,7 +26072,10 @@ enum bpf_link_type { + BPF_LINK_TYPE_ITER = 4, + BPF_LINK_TYPE_NETNS = 5, + BPF_LINK_TYPE_XDP = 6, +- MAX_BPF_LINK_TYPE = 7, ++ BPF_LINK_TYPE_PERF_EVENT = 7, ++ BPF_LINK_TYPE_KPROBE_MULTI = 8, ++ BPF_LINK_TYPE_STRUCT_OPS = 9, ++ MAX_BPF_LINK_TYPE = 10, + }; + + struct bpf_link_info { +@@ -30363,6 +30368,11 @@ struct bpf_raw_tp_link { + struct bpf_raw_event_map *btp; + }; + ++struct bpf_perf_link { ++ struct bpf_link link; ++ struct file *perf_file; ++}; ++ + struct btf_member { + __u32 name_off; + __u32 type; +diff --git a/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h b/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h +index 3b1b0127d1..052db391d4 100644 +--- a/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h ++++ b/vendor/github.com/iovisor/bcc/libbpf-tools/powerpc/vmlinux_510.h +@@ -4345,6 +4345,7 @@ struct perf_event { + int pending_wakeup; + int pending_kill; + int pending_disable; ++ long unsigned int pending_addr; + struct irq_work pending; + atomic_t event_limit; + struct perf_addr_filters_head addr_filters; +@@ -4360,6 +4361,7 @@ struct perf_event { + void *overflow_handler_context; + perf_overflow_handler_t orig_overflow_handler; + struct bpf_prog *prog; ++ u64 bpf_cookie; + struct trace_event_call *tp_event; + struct event_filter *filter; + struct ftrace_ops ftrace_ops; +@@ -36449,7 +36451,10 @@ enum bpf_link_type { + BPF_LINK_TYPE_ITER = 4, + BPF_LINK_TYPE_NETNS = 5, + BPF_LINK_TYPE_XDP = 6, +- MAX_BPF_LINK_TYPE = 7, ++ BPF_LINK_TYPE_PERF_EVENT = 7, ++ BPF_LINK_TYPE_KPROBE_MULTI = 8, ++ BPF_LINK_TYPE_STRUCT_OPS = 9, ++ MAX_BPF_LINK_TYPE = 10, + }; + + struct bpf_link_info { +@@ -40756,6 +40761,11 @@ struct bpf_raw_tp_link { + struct bpf_raw_event_map *btp; + }; + ++struct bpf_perf_link { ++ struct bpf_link link; ++ struct file *perf_file; ++}; ++ + struct btf_member { + __u32 name_off; + __u32 type; diff --git a/SOURCES/redhat-bugzilla-2117074-vendored_vmlinux.h.patch b/SOURCES/redhat-bugzilla-2117074-vendored_vmlinux.h.patch new file mode 100644 index 0000000..7b01f83 --- /dev/null +++ b/SOURCES/redhat-bugzilla-2117074-vendored_vmlinux.h.patch @@ -0,0 +1,19 @@ +commit 23bfdcbac0b0fb7bd33f092c6f2ad56889480335 +Author: Andreas Gerstmayr +Date: Thu Oct 27 14:22:37 2022 +0200 + + build: use vendored vmlinux.h when compiling bpftool + +diff --git a/vendor/GNUmakefile b/vendor/GNUmakefile +index a0c29d4b45..57151e4671 100644 +--- a/vendor/GNUmakefile ++++ b/vendor/GNUmakefile +@@ -3,7 +3,7 @@ include $(TOPDIR)/src/include/builddefs + + default_pcp default: + ifeq "$(PMDA_BPF)" "true" +- $(MAKE) -C github.com/libbpf/bpftool/src ++ $(MAKE) -C github.com/libbpf/bpftool/src VMLINUX_H=$(PMDABPF_VMLINUXH) + endif + + install_pcp install: diff --git a/SPECS/pcp.spec b/SPECS/pcp.spec index e328201..e2fd045 100644 --- a/SPECS/pcp.spec +++ b/SPECS/pcp.spec @@ -1,20 +1,19 @@ Name: pcp -Version: 5.3.7 -Release: 7%{?dist} +Version: 6.0.1 +Release: 4%{?dist} Summary: System-level performance monitoring and performance management License: GPLv2+ and LGPLv2+ and CC-BY URL: https://pcp.io %global artifactory https://performancecopilot.jfrog.io/artifactory Source0: %{artifactory}/pcp-source-release/pcp-%{version}.src.tar.gz -Patch0: redhat-bugzilla-1981886-pmdasockets-backporting.patch -Patch1: redhat-bugzilla-2059461-pmie-systemd-fixup.patch -Patch2: redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch -Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch + +Patch0: redhat-bugzilla-2117074-vendored_vmlinux.h.patch +Patch1: redhat-bugzilla-2117074-ppc_arm_vmlinux.h.patch # The additional linker flags break out-of-tree PMDAs. # https://bugzilla.redhat.com/show_bug.cgi?id=2043092 -%undefine _package_note_flags +%undefine _package_note_flags %if 0%{?fedora} >= 26 || 0%{?rhel} > 7 %global __python2 python2 @@ -50,8 +49,6 @@ Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch %endif %endif -%global disable_podman 0 - # libchan, libhdr_histogram and pmdastatsd %if 0%{?fedora} >= 29 || 0%{?rhel} > 7 %global disable_statsd 0 @@ -98,7 +95,7 @@ Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch %global disable_bcc 1 %endif -# support for pmdabpf, check bpf.spec for supported architectures of bpf +# support for pmdabpf, check bcc.spec for supported architectures of libbpf-tools %if 0%{?fedora} >= 33 || 0%{?rhel} > 8 %ifarch x86_64 ppc64 ppc64le aarch64 %global disable_bpf 0 @@ -131,6 +128,13 @@ Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch %global disable_json 1 %endif +# support for pmdamongodb +%if !%{disable_python2} || !%{disable_python3} +%global disable_mongodb 0 +%else +%global disable_mongodb 1 +%endif + # No mssql ODBC driver on non-x86 platforms %ifarch x86_64 %if !%{disable_python2} || !%{disable_python3} @@ -233,7 +237,6 @@ Obsoletes: pcp-pmda-nvidia < 3.10.5 BuildRequires: make BuildRequires: gcc gcc-c++ BuildRequires: procps autoconf bison flex -BuildRequires: nss-devel BuildRequires: avahi-devel BuildRequires: xz-devel BuildRequires: zlib-devel @@ -279,7 +282,7 @@ BuildRequires: perl(Time::HiRes) perl(Digest::MD5) BuildRequires: perl(XML::LibXML) perl(File::Slurp) BuildRequires: man %{_hostname_executable} %if !%{disable_systemd} -BuildRequires: systemd-devel systemd-rpm-macros +BuildRequires: systemd-devel %endif %if !%{disable_qt} BuildRequires: desktop-file-utils @@ -292,40 +295,28 @@ BuildRequires: qt5-qtsvg-devel %endif Requires: bash xz gawk sed grep findutils which %{_hostname_executable} -%if 0%{?rhel} > 8 -Requires: cyrus-sasl-scram -%endif Requires: pcp-libs = %{version}-%{release} -%if !%{disable_selinux} +%if !%{disable_selinux} # rpm boolean dependencies are supported since RHEL 8 %if 0%{?fedora} >= 35 || 0%{?rhel} >= 8 -# This ensures that the pcp-selinux package and all it's dependencies are not pulled -# into containers and other systems that do not use SELinux +# This ensures that the pcp-selinux package and all its dependencies are +# not pulled into containers and other systems that do not use SELinux Requires: (pcp-selinux = %{version}-%{release} if selinux-policy-targeted) %else Requires: pcp-selinux = %{version}-%{release} %endif - %endif %global _confdir %{_sysconfdir}/pcp %global _logsdir %{_localstatedir}/log/pcp %global _pmnsdir %{_localstatedir}/lib/pcp/pmns -%global _pmnsexecdir %{_libexecdir}/pcp/pmns -%global _tempsdir %{_localstatedir}/lib/pcp/tmp %global _pmdasdir %{_localstatedir}/lib/pcp/pmdas %global _pmdasexecdir %{_libexecdir}/pcp/pmdas %global _testsdir %{_localstatedir}/lib/pcp/testsuite -%global _selinuxdir %{_localstatedir}/lib/pcp/selinux -%global _selinuxexecdir %{_libexecdir}/pcp/selinux -%global _logconfdir %{_localstatedir}/lib/pcp/config/pmlogconf +%global _ieconfigdir %{_localstatedir}/lib/pcp/config/pmie %global _ieconfdir %{_localstatedir}/lib/pcp/config/pmieconf -%global _tapsetdir %{_datadir}/systemtap/tapset -%global _bashcompdir %{_datadir}/bash-completion/completions -%global _pixmapdir %{_datadir}/pcp-gui/pixmaps -%global _hicolordir %{_datadir}/icons/hicolor -%global _booksdir %{_datadir}/doc/pcp-doc +%global _selinuxdir %{_datadir}/selinux/packages/targeted %if 0%{?fedora} >= 20 || 0%{?rhel} >= 8 %global _with_doc --with-docdir=%{_docdir}/%{name} @@ -368,12 +359,6 @@ Requires: pcp-selinux = %{version}-%{release} %global _with_perfevent --with-perfevent=yes %endif -%if %{disable_podman} -%global _with_podman --with-podman=no -%else -%global _with_podman --with-podman=yes -%endif - %if %{disable_statsd} %global _with_statsd --with-pmdastatsd=no %else @@ -404,6 +389,12 @@ Requires: pcp-selinux = %{version}-%{release} %global _with_json --with-pmdajson=yes %endif +%if %{disable_mongodb} +%global _with_mongodb --with-pmdamongodb=no +%else +%global _with_mongodb --with-pmdamongodb=yes +%endif + %if %{disable_nutcracker} %global _with_nutcracker --with-pmdanutcracker=no %else @@ -446,13 +437,12 @@ else fi } -%global selinux_handle_policy() %{expand: -if [ %1 -ge 1 ] +%global run_pmieconf() %{expand: +if [ -w "%1" ] then - %{_libexecdir}/pcp/bin/selinux-setup %{_selinuxdir} install %2 -elif [ %1 -eq 0 ] -then - %{_libexecdir}/pcp/bin/selinux-setup %{_selinuxdir} remove %2 + pmieconf -c enable "%2" +else + echo "WARNING: Cannot write to %1, skipping pmieconf enable of %2." >&2 fi } @@ -487,6 +477,9 @@ Summary: Performance Co-Pilot run-time libraries URL: https://pcp.io Requires: pcp-conf = %{version}-%{release} +# prevent conflicting library (libpcp.so.N) installation +Conflicts: postgresql-pgpool-II + %description libs Performance Co-Pilot (PCP) run-time libraries @@ -499,6 +492,9 @@ Summary: Performance Co-Pilot (PCP) development headers URL: https://pcp.io Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release} +# prevent conflicting library (libpcp.so) installation +Conflicts: postgresql-pgpool-II-devel + %description libs-devel Performance Co-Pilot (PCP) headers for development. @@ -539,10 +535,7 @@ Requires: pcp-pmda-dm pcp-pmda-apache Requires: pcp-pmda-bash pcp-pmda-cisco pcp-pmda-gfs2 pcp-pmda-mailq pcp-pmda-mounts Requires: pcp-pmda-nvidia-gpu pcp-pmda-roomtemp pcp-pmda-sendmail pcp-pmda-shping pcp-pmda-smart Requires: pcp-pmda-hacluster pcp-pmda-lustrecomm pcp-pmda-logger pcp-pmda-denki pcp-pmda-docker pcp-pmda-bind2 -Requires: pcp-pmda-sockets -%if !%{disable_podman} -Requires: pcp-pmda-podman -%endif +Requires: pcp-pmda-sockets pcp-pmda-podman %if !%{disable_statsd} Requires: pcp-pmda-statsd %endif @@ -562,7 +555,10 @@ Requires: pcp-pmda-bpftrace Requires: pcp-pmda-gluster pcp-pmda-zswap pcp-pmda-unbound pcp-pmda-mic Requires: pcp-pmda-libvirt pcp-pmda-lio pcp-pmda-openmetrics pcp-pmda-haproxy Requires: pcp-pmda-lmsensors pcp-pmda-netcheck pcp-pmda-rabbitmq -Requires: pcp-pmda-openvswitch pcp-pmda-mongodb +Requires: pcp-pmda-openvswitch +%endif +%if !%{disable_mongodb} +Requires: pcp-pmda-mongodb %endif %if !%{disable_mssql} Requires: pcp-pmda-mssql @@ -903,7 +899,6 @@ Performance Co-Pilot (PCP) front-end tools for exporting metric values to the Zabbix (https://www.zabbix.org/) monitoring software. %endif -%if !%{disable_podman} # # pcp-pmda-podman # @@ -916,7 +911,6 @@ Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release} %description pmda-podman This package contains the PCP Performance Metrics Domain Agent (PMDA) for collecting podman container and pod statistics via the podman REST API. -%endif %if !%{disable_statsd} # @@ -1805,7 +1799,9 @@ Requires: %{__python2}-pcp This package contains the PCP Performance Metrics Domain Agent (PMDA) for collecting metrics from simple network checks. # end pcp-pmda-netcheck +%endif +%if !%{disable_mongodb} # # pcp-pmda-mongodb # @@ -1818,11 +1814,13 @@ Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release} Requires: python3-pcp %if 0%{?rhel} == 0 Requires: python3-pymongo +BuildRequires: python3-pymongo %endif %else Requires: %{__python2}-pcp %if 0%{?rhel} == 0 Requires: %{__python2}-pymongo +BuildRequires: %{__python2}-pymongo %endif %endif %description pmda-mongodb @@ -2294,11 +2292,9 @@ updated policy package. %setup -q %patch0 -p1 %patch1 -p1 -%patch2 -p1 -%patch3 -p1 %build -# the buildsubdir macro gets defined in %setup and is apparently only available in the next step (i.e. the %build step) +# the buildsubdir macro gets defined in %%setup and is apparently only available in the next step (i.e. the %%build step) %global __strip %{_builddir}/%{?buildsubdir}/build/rpm/custom-strip # fix up build version @@ -2308,7 +2304,7 @@ sed -i "/PACKAGE_BUILD/s/=[0-9]*/=$_build/" VERSION.pcp %if !%{disable_python2} && 0%{?default_python} != 3 export PYTHON=python%{?default_python} %endif -%configure %{?_with_initd} %{?_with_doc} %{?_with_dstat} %{?_with_ib} %{?_with_podman} %{?_with_statsd} %{?_with_perfevent} %{?_with_bcc} %{?_with_bpf} %{?_with_bpftrace} %{?_with_json} %{?_with_snmp} %{?_with_nutcracker} %{?_with_python2} +%configure %{?_with_initd} %{?_with_doc} %{?_with_dstat} %{?_with_ib} %{?_with_statsd} %{?_with_perfevent} %{?_with_bcc} %{?_with_bpf} %{?_with_bpftrace} %{?_with_json} %{?_with_mongodb} %{?_with_snmp} %{?_with_nutcracker} %{?_with_python2} make %{?_smp_mflags} default_pcp %install @@ -2431,7 +2427,7 @@ total_manifest() { awk '{print $NF}' $DIST_MANIFEST } basic_manifest() { - total_manifest | cull '/pcp-doc/|/testsuite/|/man/|/examples/' + total_manifest | cull '/pcp-doc/|/testsuite/|/man/|pcp/examples/' } # @@ -2440,16 +2436,16 @@ basic_manifest() { # Likewise, for the pcp-pmda and pcp-testsuite subpackages. # total_manifest | keep 'tutorials|/html/|pcp-doc|man.*\.[1-9].*' | cull 'out' >pcp-doc-files -total_manifest | keep 'testsuite|etc/systemd/system|libpcp_fault|pcp/fault.h' >pcp-testsuite-files +total_manifest | keep 'testsuite|pcpqa|etc/systemd/system|libpcp_fault|pcp/fault.h' >pcp-testsuite-files basic_manifest | keep "$PCP_GUI|pcp-gui|applications|pixmaps|hicolor" | cull 'pmtime.h' >pcp-gui-files -basic_manifest | keep 'selinux' | cull 'tmp|GNUselinuxdefs' >pcp-selinux-files +basic_manifest | keep 'selinux' | cull 'tmp|testsuite' >pcp-selinux-files basic_manifest | keep 'zeroconf|daily[-_]report|/sa$' >pcp-zeroconf-files basic_manifest | grep -E -e 'pmiostat|pmrep|dstat|htop|pcp2csv' \ -e 'pcp-atop|pcp-dmcache|pcp-dstat|pcp-free|pcp-htop' \ -e 'pcp-ipcs|pcp-iostat|pcp-lvmcache|pcp-mpstat' \ -e 'pcp-numastat|pcp-pidstat|pcp-shping|pcp-tapestat' \ - -e 'pcp-uptime|pcp-verify|pcp-ss' | \ + -e 'pcp-uptime|pcp-verify|pcp-ss|pcp-ps' | \ cull 'selinux|pmlogconf|pmieconf|pmrepconf' >pcp-system-tools-files basic_manifest | keep 'sar2pcp' >pcp-import-sar2pcp-files @@ -2514,7 +2510,7 @@ basic_manifest | keep '(etc/pcp|pmdas)/nginx(/|$)' >pcp-pmda-nginx-files basic_manifest | keep '(etc/pcp|pmdas)/nutcracker(/|$)' >pcp-pmda-nutcracker-files basic_manifest | keep '(etc/pcp|pmdas)/nvidia(/|$)' >pcp-pmda-nvidia-files basic_manifest | keep '(etc/pcp|pmdas)/openmetrics(/|$)' >pcp-pmda-openmetrics-files -basic_manifest | keep '(etc/pcp|pmdas)/openvswitch(/|$)' >pcp-pmda-openvswitch-files +basic_manifest | keep '(etc/pcp|pmdas|pmieconf)/openvswitch(/|$)' >pcp-pmda-openvswitch-files basic_manifest | keep '(etc/pcp|pmdas)/oracle(/|$)' >pcp-pmda-oracle-files basic_manifest | keep '(etc/pcp|pmdas)/pdns(/|$)' >pcp-pmda-pdns-files basic_manifest | keep '(etc/pcp|pmdas)/perfevent(/|$)' >pcp-pmda-perfevent-files @@ -2687,14 +2683,28 @@ done %endif %pre testsuite -test -d %{_testsdir} || mkdir -p -m 755 %{_testsdir} +%if !%{disable_selinux} +%selinux_relabel_pre -s targeted +%endif +%if 0%{?fedora} >= 32 || 0%{?rhel} >= 9 +echo u pcpqa - \"PCP Quality Assurance\" %{_testsdir} /bin/bash | \ + systemd-sysusers --replace=/usr/lib/sysusers.d/pcp-testsuite.conf - +%else getent group pcpqa >/dev/null || groupadd -r pcpqa getent passwd pcpqa >/dev/null || \ useradd -c "PCP Quality Assurance" -g pcpqa -d %{_testsdir} -M -r -s /bin/bash pcpqa 2>/dev/null +%endif +test -d %{_testsdir} || mkdir -p -m 755 %{_testsdir} chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null exit 0 %post testsuite +%if !%{disable_selinux} +PCP_SELINUX_DIR=%{_selinuxdir} +semodule -r pcpqa >/dev/null 2>&1 || true +%selinux_modules_install -s targeted "$PCP_SELINUX_DIR/pcp-testsuite.pp.bz2" +%selinux_relabel_post -s targeted +%endif chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null %if 0%{?rhel} %if !%{disable_systemd} @@ -2709,10 +2719,23 @@ chown -R pcpqa:pcpqa %{_testsdir} 2>/dev/null %endif exit 0 +%if !%{disable_selinux} +%postun testsuite +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s targeted pcp-testsuite + %selinux_relabel_post -s targeted +fi +%endif + %pre +%if 0%{?fedora} >= 32 || 0%{?rhel} >= 9 +echo u pcp - \"Performance Co-Pilot\" %{_localstatedir}/lib/pcp | \ + systemd-sysusers --replace=/usr/lib/sysusers.d/pcp.conf - +%else getent group pcp >/dev/null || groupadd -r pcp getent passwd pcp >/dev/null || \ useradd -c "Performance Co-Pilot" -g pcp -d %{_localstatedir}/lib/pcp -M -r -s /sbin/nologin pcp +%endif exit 0 %if !%{disable_systemd} @@ -2730,10 +2753,8 @@ exit 0 %{pmda_remove "$1" "perfevent"} %endif -%if !%{disable_podman} %preun pmda-podman %{pmda_remove "$1" "podman"} -%endif %if !%{disable_statsd} %preun pmda-statsd @@ -2891,8 +2912,10 @@ exit 0 %preun pmda-lmsensors %{pmda_remove "$1" "lmsensors"} +%if !%{disable_mongodb} %preun pmda-mongodb %{pmda_remove "$1" "mongodb"} +%endif %if !%{disable_mssql} %preun pmda-mssql @@ -2958,14 +2981,6 @@ exit 0 %preun pmda-weblog %{pmda_remove "$1" "weblog"} -%if !%{disable_systemd} -%preun zeroconf -if [ "$1" -eq 0 ] -then - %systemd_preun pmlogger_daily_report.timer pmlogger_daily_report.service -fi -%endif - %preun if [ "$1" -eq 0 ] then @@ -2995,6 +3010,7 @@ fi PCP_PMDAS_DIR=%{_pmdasdir} PCP_SYSCONFIG_DIR=%{_sysconfdir}/sysconfig PCP_PMCDCONF_PATH=%{_confdir}/pmcd/pmcd.conf +PCP_PMIECONFIG_DIR=%{_ieconfigdir} # auto-install important PMDAs for RH Support (if not present already) for PMDA in dm nfsclient openmetrics ; do if ! grep -q "$PMDA/pmda$PMDA" "$PCP_PMCDCONF_PATH" @@ -3003,7 +3019,7 @@ for PMDA in dm nfsclient openmetrics ; do fi done # auto-enable these usually optional pmie rules -pmieconf -c enable dmthin +%{run_pmieconf "$PCP_PMIECONFIG_DIR" dmthin} %if 0%{?rhel} %if !%{disable_systemd} systemctl restart pmcd pmlogger pmie >/dev/null 2>&1 @@ -3018,17 +3034,6 @@ pmieconf -c enable dmthin %endif %endif -%if !%{disable_selinux} -%post selinux -%{selinux_handle_policy "$1" "pcpupstream"} - -%triggerin selinux -- docker-selinux -%{selinux_handle_policy "$1" "pcpupstream-docker"} - -%triggerin selinux -- container-selinux -%{selinux_handle_policy "$1" "pcpupstream-container"} -%endif - %post PCP_PMNS_DIR=%{_pmnsdir} PCP_LOG_DIR=%{_logsdir} @@ -3067,14 +3072,22 @@ PCP_LOG_DIR=%{_logsdir} %endif %if !%{disable_selinux} -%preun selinux -%{selinux_handle_policy "$1" "pcpupstream"} +%pre selinux +%selinux_relabel_pre -s targeted -%triggerun selinux -- docker-selinux -%{selinux_handle_policy "$1" "pcpupstream-docker"} +%post selinux +PCP_SELINUX_DIR=%{_selinuxdir} +semodule -r pcpupstream-container >/dev/null 2>&1 || true +semodule -r pcpupstream-docker >/dev/null 2>&1 || true +semodule -r pcpupstream >/dev/null 2>&1 || true +%selinux_modules_install -s targeted "$PCP_SELINUX_DIR/pcp.pp.bz2" +%selinux_relabel_post -s targeted -%triggerun selinux -- container-selinux -%{selinux_handle_policy "$1" "pcpupstream-container"} +%postun selinux +if [ $1 -eq 0 ]; then + %selinux_modules_uninstall -s targeted pcp + %selinux_relabel_post -s targeted +fi %endif %files -f pcp-files.rpm @@ -3093,6 +3106,7 @@ PCP_LOG_DIR=%{_logsdir} %if !%{disable_selinux} %files selinux -f pcp-selinux-files.rpm +%ghost %verify(not md5 size mode mtime) %{_sharedstatedir}/selinux/targeted/active/modules/200/pcp %endif %if !%{disable_qt} @@ -3105,9 +3119,7 @@ PCP_LOG_DIR=%{_logsdir} %files pmda-infiniband -f pcp-pmda-infiniband-files.rpm %endif -%if !%{disable_podman} %files pmda-podman -f pcp-pmda-podman-files.rpm -%endif %if !%{disable_statsd} %files pmda-statsd -f pcp-pmda-statsd-files.rpm @@ -3224,7 +3236,9 @@ PCP_LOG_DIR=%{_logsdir} %files pmda-lmsensors -f pcp-pmda-lmsensors-files.rpm +%if !%{disable_mongodb} %files pmda-mongodb -f pcp-pmda-mongodb-files.rpm +%endif %if !%{disable_mssql} %files pmda-mssql -f pcp-pmda-mssql-files.rpm @@ -3353,6 +3367,26 @@ PCP_LOG_DIR=%{_logsdir} %files zeroconf -f pcp-zeroconf-files.rpm %changelog +* Tue Jan 17 2023 Nathan Scott - 6.0.1-4 +- Rebuild for dependency on new version of libbpf (BZ 2159276) + +* Thu Nov 17 2022 Nathan Scott - 6.0.1-3 +- Remove pmlogger_daily_report systemd leftovers (BZ 2142713) + +* Fri Nov 11 2022 Nathan Scott - 6.0.1-2 +- Resolve an issue with installing sysusers entries (BZ 2138758) + +* Fri Oct 28 2022 Nathan Scott - 6.0.1-1 +- Convert to independent selinux policy (BZs 1941873, 2127037) +- Improve pmproxy REST API timeout handling (BZ 2130208) +- Rebase to latest stable version of PCP (BZ 2117074) + +* Mon Sep 26 2022 Nathan Scott - 6.0.0-1 +- Support --top* options in the pcp-dstat(1) utility (BZ 2020988) +- Performance improvements, fixes in pmseries --load (BZ 2027430) +- Switch from static pcp useradd to systemd-sysusers (BZ 2095445) +- Rebase to latest stable version of PCP (BZ 2117074) + * Mon May 09 2022 Nathan Scott - 5.3.7-7 - Additional selinux policy rules for pmdasockets (BZ 1981886)