From f6b88330402684efb39958b4ef4caf20a80bbfcf Mon Sep 17 00:00:00 2001 From: Nathan Scott Date: Thu, 5 May 2022 10:20:12 +1000 Subject: [PATCH] Resolve QA detected bugs from upstream pcp-5.3.7 rebase Resolves: rhbz#2072971 --- pcp.spec | 13 +- ...illa-1981886-pmdasockets-backporting.patch | 44 ++++++ ...-bugzilla-2059463-pmdapostfix-harden.patch | 146 ++++++++++++++++++ ...ugzilla-2081262-pmdaproc-cgroups-fix.patch | 44 ++++++ 4 files changed, 245 insertions(+), 2 deletions(-) rename redhat-bugzilla-2003956-pmdasockets-backporting.patch => redhat-bugzilla-1981886-pmdasockets-backporting.patch (84%) create mode 100644 redhat-bugzilla-2059463-pmdapostfix-harden.patch create mode 100644 redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch diff --git a/pcp.spec b/pcp.spec index ae33228..f2b7e05 100644 --- a/pcp.spec +++ b/pcp.spec @@ -1,14 +1,16 @@ Name: pcp Version: 5.3.7 -Release: 3%{?dist} +Release: 5%{?dist} Summary: System-level performance monitoring and performance management License: GPLv2+ and LGPLv2+ and CC-BY URL: https://pcp.io %global artifactory https://performancecopilot.jfrog.io/artifactory Source0: %{artifactory}/pcp-source-release/pcp-%{version}.src.tar.gz -Patch0: redhat-bugzilla-2003956-pmdasockets-backporting.patch +Patch0: redhat-bugzilla-1981886-pmdasockets-backporting.patch Patch1: redhat-bugzilla-2059461-pmie-systemd-fixup.patch +Patch2: redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch +Patch3: redhat-bugzilla-2059463-pmdapostfix-harden.patch # The additional linker flags break out-of-tree PMDAs. # https://bugzilla.redhat.com/show_bug.cgi?id=2043092 @@ -2292,6 +2294,8 @@ updated policy package. %setup -q %patch0 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 %build # the buildsubdir macro gets defined in %setup and is apparently only available in the next step (i.e. the %build step) 
@@ -3349,6 +3353,11 @@ PCP_LOG_DIR=%{_logsdir} %files zeroconf -f pcp-zeroconf-files.rpm %changelog +* Thu May 05 2022 Nathan Scott - 5.3.7-5 +- Additional selinux policy rules for pmdasockets (BZ 1981886) +- Harden pmdapostfix(1) against missing Postfix (BZ 2059463) +- Fix cgroups failure on non-x86_64 platforms (BZ 2081262) + * Tue May 03 2022 Nathan Scott - 5.3.7-3 - Fix remaining issues in the pcp-ss(1) utility (BZ 1981886) - Remove benign pmie systemd unit file warning (BZ 2072971) diff --git a/redhat-bugzilla-2003956-pmdasockets-backporting.patch b/redhat-bugzilla-1981886-pmdasockets-backporting.patch similarity index 84% rename from redhat-bugzilla-2003956-pmdasockets-backporting.patch rename to redhat-bugzilla-1981886-pmdasockets-backporting.patch index 90cae8c..a2acfcf 100644 --- a/redhat-bugzilla-2003956-pmdasockets-backporting.patch +++ b/redhat-bugzilla-1981886-pmdasockets-backporting.patch 
@@ -372,3 +372,47 @@ index 183db5afa..009a00cd9 100644
 __int32_t v6only;
 char skmem_str[64];
 __int32_t skmem_rmem_alloc;
+commit 77ba20d5e76ada83283a262dd2083b2fc284b5f8
+Author: Nathan Scott
+Date: Thu May 5 09:33:46 2022 +1000
+
+ selinux: policy updates needed for the pmdasockets metrics
+
+ Thanks to Jan Kurík and Miloš Malík we have the additional
+ selinux policy requirements - without these we see QE test
+ failures for this agent with pcp-ss(1) on RHEL.
+
+ Related to Red Hat BZ #1981886.
+
+diff --git a/qa/917.out.in b/qa/917.out.in
+index 3bd1dc15e..6a4356a12 100644
+--- a/qa/917.out.in
++++ b/qa/917.out.in
+@@ -154,9 +154,9 @@ Checking policies.
+ # -- end logging_watch_journal_dirs(pcp_domain) expansion
+ allow [pcp_pmcd_t] [cluster_tmpfs_t] : [file] { write };
+ allow [pcp_pmcd_t] [drbd_exec_t] : [file] { execute execute_no_trans };
+- allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
+- allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
+- allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { bind create getattr nlmsg_read setopt };
++! allow [pcp_pmcd_t] self : [netlink_generic_socket] { bind create getattr setopt write read };
++! allow [pcp_pmcd_t] [sbd_exec_t] : [file] { execute execute_no_trans };
++! allow [pcp_pmcd_t] self : [netlink_tcpdiag_socket] { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };
+ allow [syslogd_t] [pcp_log_t] : [fifo_file] { open read write };
+ allow [pcp_pmcd_t] [etc_t] : [dir] { open read search getattr lock ioctl };
+ allow [pcp_pmcd_t] [shadow_t] : [file] { getattr ioctl lock open read };
+diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs
+index 1a1b1428c..1462c5ccb 100644
+--- a/src/selinux/GNUlocaldefs
++++ b/src/selinux/GNUlocaldefs
+@@ -138,8 +138,8 @@ PCP_NETLINK_GENERIC_SOCKET_RULE="allow pcp_pmcd_t self:netlink_generic_socket {
+ endif
+
+ ifeq "$(PCP_SELINUX_NETLINK_TCPDIAG_SOCKET_CLASS)" "true"
+-PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };"
+-PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { bind create getattr nlmsg_read setopt };"
++PCP_NETLINK_TCPDIAG_SOCKET_CLASS="class netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
++PCP_NETLINK_TCPDIAG_SOCKET_RULE="allow pcp_pmcd_t self:netlink_tcpdiag_socket { append bind connect create getattr getopt ioctl lock read setattr setopt shutdown write };"
+ endif
+
+ ifeq "$(PCP_SELINUX_LOCKDOWN_CLASS)" "true"
diff --git a/redhat-bugzilla-2059463-pmdapostfix-harden.patch b/redhat-bugzilla-2059463-pmdapostfix-harden.patch
new file mode 100644
index 0000000..73236d6
--- /dev/null
+++ b/redhat-bugzilla-2059463-pmdapostfix-harden.patch
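Review bot: The new `netlink_tcpdiag_socket` permission set in `PCP_NETLINK_TCPDIAG_SOCKET_RULE` (and in the matching class line and the qa/917.out.in expectation) grows from five permissions to thirteen and at the same time drops `nlmsg_read`, while the commit message does not say which denials motivated each addition. Since this rule confines pmcd, it would help to record the source of the list in a comment above the rule, e.g. `# permissions taken from AVC denials seen with pcp-ss(1) on RHEL (BZ 1981886)`, and to confirm that removing `nlmsg_read` is intended, given that the old rule granted it. Permissions such as `append`, `lock`, `setattr` and `shutdown` look broader than a diagnostic query socket usually needs; if they did not appear in the denials, trimming them keeps the domain closer to least privilege. The `!` prefix added to three expectations in qa/917.out.in presumably relaxes the check for those rules, which is worth confirming so the test still catches a missing rule.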
@@ -0,0 +1,146 @@
+commit f54eddf494e474531e5af609bcc376037a918977
+Author: Nathan Scott
+Date: Tue Apr 26 14:32:59 2022 +1000
+
+ pmdapostfix: harden against a not-yet-running postfix
+
+ Ensure the postfix PMDA can start and service requests even
+ if postfix is not yet started.
+
+diff --git a/src/perl/PMDA/local.c b/src/perl/PMDA/local.c
+index e223bde7a..33130bc5d 100644
+--- a/src/perl/PMDA/local.c
++++ b/src/perl/PMDA/local.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2012-2017 Red Hat.
++ * Copyright (c) 2012-2017,2022 Red Hat.
+ * Copyright (c) 2008-2011 Aconex. All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+@@ -139,18 +139,15 @@ int
+ local_tail(char *file, scalar_t *callback, int cookie)
+ {
+ int fd = open(file, O_RDONLY | O_NDELAY);
+- struct stat stats;
++ struct stat stats = {0};
+ int me;
+
+- if (fd < 0) {
+- pmNotifyErr(LOG_ERR, "open failed (%s): %s", file, osstrerror());
+- exit(1);
+- }
+- if (fstat(fd, &stats) < 0) {
+- pmNotifyErr(LOG_ERR, "fstat failed (%s): %s", file, osstrerror());
+- exit(1);
+- }
+- lseek(fd, 0L, SEEK_END);
++ if (fd < 0)
++ pmNotifyErr(LOG_INFO, "open failed (%s): %s", file, osstrerror());
++ else if (fstat(fd, &stats) < 0)
++ pmNotifyErr(LOG_INFO, "fstat failed (%s): %s", file, osstrerror());
++ else
++ lseek(fd, 0L, SEEK_END);
+ me = local_file(FILE_TAIL, fd, callback, cookie);
+ files[me].me.tail.path = strdup(file);
+ files[me].me.tail.dev = stats.st_dev;
+@@ -416,10 +413,11 @@ local_pmdaMain(pmdaInterface *self)
+ }
+
+ for (i = 0; i < nfiles; i++) {
+- fd = files[i].fd;
+ /* check for log rotation or host reconnection needed */
+ if ((count % 10) == 0) /* but only once every 10 */
+ local_connection(&files[i]);
++ if ((fd = files[i].fd) < 0)
++ continue;
+ if (files[i].type != FILE_TAIL && !(__pmFD_ISSET(fd, &readyfds)))
+ continue;
+ offset = 0;
+@@ -431,21 +429,16 @@ multiread:
+ (oserror() == EAGAIN) ||
+ (oserror() == EWOULDBLOCK)))
+ continue;
+- if (files[i].type == FILE_SOCK) {
+- close(files[i].fd);
+- files[i].fd = -1;
+- continue;
+- }
+- pmNotifyErr(LOG_ERR, "Data read error on %s: %s\n",
+- local_filetype(files[i].type), osstrerror());
+- exit(1);
++ close(files[i].fd);
++ files[i].fd = -1;
++ continue;
+ }
+ if (bytes == 0) {
+ if (files[i].type == FILE_TAIL)
+ continue;
+- pmNotifyErr(LOG_ERR, "No data to read - %s may be closed\n",
+- local_filetype(files[i].type));
+- exit(1);
++ close(files[i].fd);
++ files[i].fd = -1;
++ continue;
+ }
+ /*
+ * good read ... data up to buffer + offset + bytes is all OK
+diff --git a/src/pmdas/postfix/pmdapostfix.pl b/src/pmdas/postfix/pmdapostfix.pl
+index ac46816bc..d6d3f4d3a 100644
+--- a/src/pmdas/postfix/pmdapostfix.pl
++++ b/src/pmdas/postfix/pmdapostfix.pl
+@@ -1,5 +1,5 @@
+ #
+-# Copyright (c) 2012-2015 Red Hat.
++# Copyright (c) 2012-2015,2022 Red Hat.
+ # Copyright (c) 2009-2010 Josef 'Jeff' Sipek
+ #
+ # This program is free software; you can redistribute it and/or modify it
+@@ -56,8 +56,6 @@ my @postfix_received_dom = (
+ 1 => 'smtp',
+ );
+
+-my $setup = defined($ENV{'PCP_PERL_PMNS'}) || defined($ENV{'PCP_PERL_DOMAIN'});
+-
+ sub postfix_do_refresh
+ {
+ QUEUE:
+@@ -212,7 +210,7 @@ $logstats{"received"}{1} = 0;
+
+ # Note:
+ # Environment variables.
+-# $PMDA_POSTFIX_QSHAPE: alternative executable qshape scrpipt (for QA)
++# $PMDA_POSTFIX_QSHAPE: alternative executable qshape script (for QA)
+ # ... over-rides default and command line argument.
+ # ... over-rides default arguments -b 10 -t $refresh
+ # $PMDA_POSTFIX_REFRESH: alternative refresh rate (for QA)
+@@ -228,7 +226,7 @@ if (defined($ENV{'PMDA_POSTFIX_QSHAPE'})) {
+ $qshape = $ENV{'PMDA_POSTFIX_QSHAPE'};
+ $qshape_args = '';
+ }
+-if (!$setup) { $pmda->log("qshape cmd: $qshape $qshape_args "); }
++unless (pmda_install()) { $pmda->log("qshape cmd: $qshape $qshape_args "); }
+
+ if (defined($ENV{'PMDA_POSTFIX_REFRESH'})) { $refresh = $ENV{'PMDA_POSTFIX_REFRESH'}; }
+
+@@ -238,12 +236,15 @@ foreach my $file ( @logfiles ) {
+ }
+ }
+ if (defined($ENV{'PMDA_POSTFIX_LOG'})) { $logfile = $ENV{'PMDA_POSTFIX_LOG'}; }
+-unless(defined($logfile))
+-{
+- $pmda->log("Fatal: No Postfix log file found in: @logfiles");
+- die 'No Postfix log file found';
++unless (pmda_install()) {
++ if (defined($logfile)) {
++ $pmda->log("logfile: $logfile");
++ } else {
++ $pmda->log("Warning: assuming logfile: $logfiles[0] as no Postfix log found yet from: @logfiles");
++ }
+ }
+-if (!$setup) { $pmda->log("logfile: $logfile"); }
++# set a good default if none found, before continuing
++unless (defined($logfile)) { $logfile = $logfiles[0]; }
+
+ $pmda->add_indom($postfix_queues_indom, \@postfix_queues_dom, '', '');
+ $pmda->add_indom($postfix_sent_indom, \@postfix_sent_dom, '', '');
diff --git a/redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch b/redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch
new file mode 100644
index 0000000..77256ef
--- /dev/null
+++ b/redhat-bugzilla-2081262-pmdaproc-cgroups-fix.patch
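Review bot: In `local_tail()` the new `else if (fstat(fd, &stats) < 0)` branch only logs, so a descriptor that opened but could not be stat'ed is still handed to `local_file()` without the `lseek(fd, 0L, SEEK_END)` and with a zeroed `stats`; the tail would then start at offset 0 and likely replay existing log content. Treating that case like a failed open keeps the state consistent: put braces on the branch and add `close(fd); fd = -1;` after its `pmNotifyErr` call. In `local_pmdaMain()` the read-error and zero-byte paths now close the descriptor with no message at all, where the removed code logged before exiting; keeping a `pmNotifyErr(LOG_INFO, "Data read error on %s: %s\n", local_filetype(files[i].type), osstrerror());` ahead of the `close()` would leave the failure visible to whoever monitors the agent log. Both function bodies extend beyond the inner hunks, so whether `local_connection()` later reopens a descriptor that was set to -1 cannot be checked from here.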
@@ -0,0 +1,44 @@
+commit d874d2e486c8a64fa9945ed7aa0048cccbd46f77
+Author: Nathan Scott
+Date: Wed May 4 17:11:19 2022 +1000
+
+ pmdaproc: fix cgroup cpu metrics refresh structures
+
+ Jan Kurik encountered this issue when running the regression
+ testsuite (especially qa/359) on non-x86_64 architectures.
+
+ Something must've changed in the toolchain recently on these
+ platforms since we've not seen this before, but this bug has
+ been in our code for some time. It works everywhere else by
+ good fortune, when there just happen to be NULLs after these
+ cgroups CPU parsing data structures.
+
+ Resolves Red Hat BZ #2081262.
+
+diff --git a/src/pmdas/linux_proc/cgroups.c b/src/pmdas/linux_proc/cgroups.c
+index 413a72343..26d59863a 100644
+--- a/src/pmdas/linux_proc/cgroups.c
++++ b/src/pmdas/linux_proc/cgroups.c
+@@ -1,5 +1,5 @@
+ /*
+- * Copyright (c) 2012-2019 Red Hat.
++ * Copyright (c) 2012-2019,2022 Red Hat.
+ * Copyright (c) 2010 Aconex. All Rights Reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+@@ -863,6 +863,7 @@ read_cpu_time(const char *file, cgroup_cputime_t *ccp)
+ { "usage_usec", &cputime.usage },
+ { "user_usec", &cputime.user },
+ { "system_usec", &cputime.system },
++ { NULL, NULL }
+ };
+ char buffer[4096], name[64];
+ unsigned long long value;
+@@ -903,6 +904,7 @@ read_cpu_stats(const char *file, cgroup_cpustat_t *ccp)
+ { "nr_periods", &cpustat.nr_periods },
+ { "nr_throttled", &cpustat.nr_throttled },
+ { "throttled_time", &cpustat.throttled_time },
++ { NULL, NULL }
+ };
+ char buffer[4096], name[64];
+ unsigned long long value;
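Review bot: The added `{ NULL, NULL }` terminators in `read_cpu_time()` and `read_cpu_stats()` are what keeps the table walk inside the array, yet they carry no comment, so a later edit that appends a field after them or removes them as apparent noise brings the out-of-bounds read back. A short comment on each, e.g. `{ NULL, NULL }	/* sentinel: field lookup stops at a NULL name */`, would record that. The lookup loops themselves are outside the hunk; per the commit message they relied on NULLs happening to follow the tables, so any other field tables in cgroups.c that feed the same kind of loop deserve the same check. Running the QA suite on a build with `-fsanitize=address` would catch a missing terminator on every architecture rather than only where the adjacent memory is non-zero.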