Compare commits
74 Commits
yum-suppor
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
8d373f599c
|
|||
|
17ef7eee8e
|
|||
|
0f713bf476
|
|||
|
9f08c5f687
|
|||
|
6fd96562ae
|
|||
|
76fe384d0f
|
|||
|
3d3dd379b7
|
|||
|
cc206f6198
|
|||
|
29c1256ee1
|
|||
|
4002279a20
|
|||
|
62ff301c3c
|
|||
|
fc6f29c0e1
|
|||
|
db865eafe9
|
|||
|
7cce11022c
|
|||
|
cef0f8d8bc
|
|||
|
00496493cd
|
|||
|
434858174c
|
|||
|
a4a28a1fb3
|
|||
|
ae560e96c0
|
|||
|
9970fe3365
|
|||
|
2491df81f6
|
|||
|
9593a7d09f
|
|||
|
093470d27d
|
|||
|
c2890da0f3
|
|||
|
2886e367b3
|
|||
|
59e8fcc4e6
|
|||
|
9261daeb74
|
|||
|
56901faefe
|
|||
|
8bd417de2d
|
|||
|
9e2ab32435
|
|||
|
29e5f865d0
|
|||
|
8bbd8dbec2
|
|||
|
76639d8472
|
|||
|
e0cb7b8ca0
|
|||
|
22a2b4557b
|
|||
|
2151f6f8f7
|
|||
|
e2a91dd8ae
|
|||
|
2a880b5033
|
|||
|
0e577bebc5
|
|||
|
6305fd053b
|
|||
|
5e5b77ed5e
|
|||
|
cd33f98b8b
|
|||
|
7ac103033c
|
|||
|
3ac30e5539
|
|||
|
39a61aeddd
|
|||
|
aafe46d429
|
|||
|
aae85806c1
|
|||
|
0ea7804427
|
|||
|
688af9ac62
|
|||
|
06ad5bde9e
|
|||
|
ac1a0baf92
|
|||
|
214ec6abad
|
|||
|
f5adcbc140
|
|||
|
5a20f43255
|
|||
|
a0a58c46d9
|
|||
|
3e3252ed48
|
|||
|
9eebd56869
|
|||
|
5d5947c99e
|
|||
|
afa616916d
|
|||
|
fd66a30de4
|
|||
|
994b93e3b4
|
|||
|
8a29ab82b0
|
|||
|
13e56c6d56
|
|||
|
4ca971687b
|
|||
|
eca94f40d9
|
|||
|
81dfa5567e
|
|||
|
b1c520b257
|
|||
|
712a4e986f
|
|||
|
32b98e4dbc
|
|||
|
44088bd64b
|
|||
|
aadd0e2641
|
|||
|
1322918dcc
|
|||
| 79dd24809d | |||
| 04cbedb9c0 |
47
bin/sau
47
bin/sau
@ -1,4 +1,4 @@
|
||||
#!/usr/bin/env python3.6
|
||||
#!/usr/bin/env python3.7
|
||||
import configparser
|
||||
import logging
|
||||
import logging.handlers
|
||||
@ -8,11 +8,12 @@ import sys
|
||||
import time
|
||||
|
||||
import sau
|
||||
import sau.errors
|
||||
import sau.services
|
||||
import sau.platforms
|
||||
|
||||
def init():
|
||||
sau.config = configparser.SafeConfigParser()
|
||||
sau.config = configparser.ConfigParser()
|
||||
conf = sau.config
|
||||
|
||||
if platform.system() == 'FreeBSD':
|
||||
@ -44,12 +45,23 @@ def init():
|
||||
log.addHandler(handler)
|
||||
|
||||
|
||||
def fork_and_reboot():
|
||||
def fork_and_reboot(report_success=True):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
if report_success:
|
||||
exit_code=0
|
||||
else:
|
||||
exit_code=1
|
||||
|
||||
if os.path.exists('/proc/1/comm'):
|
||||
with open('/proc/1/comm', 'r') as f:
|
||||
if f.readline().strip() == 'systemd':
|
||||
os.execl('/usr/bin/systemctl', 'reboot')
|
||||
log.error("Failed to execl?")
|
||||
sys.exit(1)
|
||||
try:
|
||||
pid = os.fork()
|
||||
if pid != 0:
|
||||
sys.exit(0)
|
||||
sys.exit(exit_code)
|
||||
except OSError as err:
|
||||
log.error("Fork #1 failed when going for reboot: {}".format(err))
|
||||
sys.exit(1)
|
||||
@ -76,8 +88,6 @@ def fork_and_reboot():
|
||||
os.dup2(stdout.fileno(), sys.stdout.fileno())
|
||||
os.dup2(stderr.fileno(), sys.stderr.fileno())
|
||||
|
||||
log.warning("New fork!")
|
||||
|
||||
# sleep for a short while to give parent time to exit
|
||||
time.sleep(30)
|
||||
try:
|
||||
@ -95,22 +105,39 @@ def main():
|
||||
reboot_required = False
|
||||
reboot_recommended = False
|
||||
|
||||
try:
|
||||
if conf.getboolean('default', 'do_system_upgrade', fallback=True):
|
||||
reboot_required = platform.system_upgrade()
|
||||
|
||||
if conf.getboolean('default', 'do_package_upgrade', fallback=True):
|
||||
platform.pkg_upgrade()
|
||||
reboot_required = reboot_required or platform.pkg_upgrade()
|
||||
except sau.errors.UpgradeError as e:
|
||||
log.error(f'Upgrade failed: {e}')
|
||||
return 1
|
||||
|
||||
if not conf.getboolean('default', 'live_system', fallback=True):
|
||||
return 0
|
||||
|
||||
if conf.getboolean('default', 'do_service_restart', fallback=True):
|
||||
reboot_recommended = sau.services.restart_services()
|
||||
|
||||
if conf.getboolean('default', 'do_reboot', fallback=False):
|
||||
if reboot_required:
|
||||
log.warning('Rebooting because of a system upgrade')
|
||||
log.info('Rebooting because of a system upgrade')
|
||||
elif reboot_recommended:
|
||||
log.warning('Rebooting because service restarts did not close all deleted files')
|
||||
log.info('Rebooting because service restarts did not close all deleted files')
|
||||
if reboot_required or reboot_recommended:
|
||||
fork_and_reboot()
|
||||
fork_and_reboot(report_success=conf.getboolean('default', 'reboot_is_success', fallback=True))
|
||||
|
||||
if reboot_required:
|
||||
log.warning("Upgrade was success, but a reboot is required due to a system upgrade")
|
||||
return 1
|
||||
elif reboot_recommended:
|
||||
log.warning("Some services still uses old, deleted, files. You probably want to reboot")
|
||||
return 1
|
||||
|
||||
return 0
|
||||
|
||||
|
||||
def _conf_level_to_logging_level(conf_level):
|
||||
if conf_level.lower() == 'debug':
|
||||
|
||||
32
config.cfg
32
config.cfg
@ -12,13 +12,25 @@
|
||||
# 1.0.1 -> 1.0.1.1 (3)
|
||||
version_sensitivity=1
|
||||
|
||||
# Set to no if you're using sau in an environment where running processes
|
||||
# shouldn't be touched and reboots shouldn't be done, for example in chroots
|
||||
live_system=yes
|
||||
|
||||
# sau can reboot on system upgrades (FreeBSD) or if the service restarts does
|
||||
# not close all deleted files (any platform)
|
||||
do_reboot=no
|
||||
|
||||
# FreeBSD system update (freebsd-update fetch install, not freebsd-update upgrade)
|
||||
# Set to no to exit with failure code when going for reboot.
|
||||
reboot_is_success=yes
|
||||
|
||||
# Attempt to do a system upgrade
|
||||
# FreeBSD: upgrade to latest patch version using freebsd-update fetch install
|
||||
# Gentoo: allow upgrade of sys-kernel/-packages, clean old kernels, and update grub-config
|
||||
do_system_upgrade=yes
|
||||
|
||||
# On Gentoo kernel upgrades, remove all but the last keep_kernels kernels from /boot
|
||||
keep_kernels=4
|
||||
|
||||
# upgrade packages
|
||||
do_package_upgrade=yes
|
||||
|
||||
@ -30,6 +42,14 @@ default_service_policy=ignore
|
||||
# do depclean on Gentoo
|
||||
do_depclean=yes
|
||||
|
||||
# do eix-sync on Gentoo
|
||||
do_reposync=yes
|
||||
|
||||
# do live-rebuild, go-rebuild, rust-rebuild, perl-cleaner etc. on Gentoo
|
||||
# set to no if using binary packages that are bumped when needed.
|
||||
# Leave as yes on package builders and if not using binary packages.
|
||||
do_rebuilds=yes
|
||||
|
||||
# to only write to stderr when something unexpected happens or manual action is required
|
||||
# set stderr_loglevel to warning
|
||||
stderr_loglevel=debug
|
||||
@ -41,12 +61,10 @@ syslog_loglevel=info
|
||||
# platform
|
||||
[packages]
|
||||
# Gentoo uses the category/package naming scheme
|
||||
dev-db/postgresql=2
|
||||
dev-db/postgresql=1
|
||||
|
||||
# Gentoo kernel stuff should be updated manually
|
||||
sys-kernel/gentoo-sources=-1
|
||||
sys-kernel/spl=-1
|
||||
sys-fs/zfs-kmod=-1
|
||||
# It's safer to upgrade zfs manually
|
||||
sys-fs/zfs-kmod=99
|
||||
|
||||
# FreeBSD uses the short package name (without category)
|
||||
gitlab=2
|
||||
@ -64,7 +82,7 @@ qemu-system-x86_64=
|
||||
#ruby24=puppetserver puppetdb
|
||||
|
||||
# The services section contains restart policy for specific services.
|
||||
# valid policies are 'ignore', 'warn', 'restart' and 'silent-restart'.
|
||||
# valid policies are 'ignore', 'warn', 'restart', 'silent-restart' and 'reboot'.
|
||||
# 'silent-restart' is like 'restart', but will not log a warning when
|
||||
# the service is restarted.
|
||||
[services]
|
||||
|
||||
@ -1,2 +1 @@
|
||||
|
||||
LOGNAME="sau"
|
||||
|
||||
@ -5,3 +5,5 @@ class PlatformNotSupported(Exception):
|
||||
class UnknownServiceError(Exception):
|
||||
pass
|
||||
|
||||
class UpgradeError(Exception):
|
||||
pass
|
||||
|
||||
@ -132,5 +132,14 @@ def pkg_upgrade():
|
||||
for line in err.splitlines():
|
||||
log.warning('stderr: {}'.format(line))
|
||||
|
||||
if conf.getboolean('default', 'do_depclean', fallback=False):
|
||||
cmd = [ PKG_PATH, 'autoremove', '-yq' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=3600)
|
||||
if ret != 0 or err:
|
||||
log.warning('{} failed:'.format(' '.join(cmd)))
|
||||
for line in out.splitlines():
|
||||
log.warning('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.warning('stderr: {}'.format(line))
|
||||
return True
|
||||
|
||||
|
||||
343
sau/gentoo.py
343
sau/gentoo.py
@ -4,32 +4,35 @@ import re
|
||||
|
||||
import sau
|
||||
import sau.helpers
|
||||
import sau.services
|
||||
|
||||
EIX_UPDATE_PATH='/usr/bin/eix-update'
|
||||
EIX_SYNC_PATH='/usr/bin/eix-sync'
|
||||
RC_SERVICE_PATH='/sbin/rc-service'
|
||||
SYSTEMCTL='/usr/bin/systemctl'
|
||||
EMERGE_PATH='/usr/bin/emerge'
|
||||
EQUERY_PATH='/usr/bin/equery'
|
||||
EMAINT_PATH='/usr/sbin/emaint'
|
||||
PCLEAN_PATH='/usr/bin/perl-cleaner'
|
||||
GRUB_MKCONFIG='/usr/sbin/grub-mkconfig'
|
||||
|
||||
# parsing output from eix -Ttnc
|
||||
package_re = re.compile('^\[([^\]])\] ([^ ]*) \((.*)\): .*$')
|
||||
package_re = re.compile(r'^\[([^\]])\] ([^ ]*) \((.*)\): .*$')
|
||||
# parsing version information from substrings of the above
|
||||
slot_re = re.compile('^(\(~\))?([^\(]+)(\([^\)]+\))$')
|
||||
slot_re = re.compile(r'^(\(~\))?([^\(]+)(\([^\)]+\))$')
|
||||
|
||||
def identify_service_from_bin(exe):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
|
||||
if sau.services.on_systemd():
|
||||
init_script_re = re.compile(r'[^/]*(.*)\.service$')
|
||||
else:
|
||||
init_script_re = re.compile(r'/etc/init\.d/(.*)')
|
||||
|
||||
cmd = [ EQUERY_PATH, '-Cq', 'b', exe ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd)
|
||||
|
||||
if ret != 0:
|
||||
log.warning("searching for owner of {} failed:".format(exe))
|
||||
for line in out.splitlines():
|
||||
log.warning("stdout: {}".format(line))
|
||||
for line in err.splitlines():
|
||||
log.warning("stderr: {}".format(line))
|
||||
return None
|
||||
raise sau.errors.UnknownServiceError("searching for owner of {} failed:".format(exe))
|
||||
|
||||
pkg = out.strip()
|
||||
cmd = [ EQUERY_PATH, '-Cq', 'f', pkg ]
|
||||
@ -48,9 +51,9 @@ def identify_service_from_bin(exe):
|
||||
if match:
|
||||
matches.add(match.group(1))
|
||||
if len(matches) < 1:
|
||||
log.warning('Could not find any init script in package {}'.format(pkg))
|
||||
raise sau.errors.UnknownServiceError('Could not find any init script in package {}'.format(pkg))
|
||||
elif len(matches) > 1:
|
||||
log.warning('Found multiple init script in package {}'.format(pkg))
|
||||
raise sau.errors.UnknownServiceError('Found multiple init script in package {}'.format(pkg))
|
||||
else:
|
||||
return matches.pop()
|
||||
return None
|
||||
@ -58,6 +61,9 @@ def identify_service_from_bin(exe):
|
||||
|
||||
def restart_service(service):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
if sau.services.on_systemd():
|
||||
cmd = [ SYSTEMCTL, 'restart', service ]
|
||||
else:
|
||||
cmd = [ RC_SERVICE_PATH, service, 'restart' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd)
|
||||
|
||||
@ -72,50 +78,121 @@ def restart_service(service):
|
||||
|
||||
def system_upgrade():
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
log.debug('Gentoo has no concept of system upgrade, ignoring...')
|
||||
log.debug('Gentoo "system_upgrade" is done at package upgrade stage; ignoring here...')
|
||||
return False
|
||||
|
||||
def _sync_portage():
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
|
||||
if os.path.exists(EIX_SYNC_PATH):
|
||||
cmd = [ EIX_SYNC_PATH, '-q' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=3600)
|
||||
else:
|
||||
cmd = [ EMERGE_PATH, '-q', '--sync' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=3600)
|
||||
|
||||
if ret != 0:
|
||||
log.warning("Portage sync failed:")
|
||||
log.error("Portage sync failed:")
|
||||
for line in out.splitlines():
|
||||
log.warning("stdout: {}".format(line))
|
||||
log.error("stdout: {}".format(line))
|
||||
for line in err.splitlines():
|
||||
log.warning("stderr: {}".format(line))
|
||||
log.error("stderr: {}".format(line))
|
||||
raise sau.errors.UpgradeError(f'Sync command {cmd} failed')
|
||||
|
||||
if os.path.exists(EIX_UPDATE_PATH):
|
||||
cmd = [ EIX_UPDATE_PATH, '-q' ]
|
||||
cmd = [ EMAINT_PATH, '-f', 'all' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=3600)
|
||||
|
||||
if ret != 0:
|
||||
log.warning("eix-update failed:")
|
||||
log.warning("emaint failed:")
|
||||
for line in out.splitlines():
|
||||
log.warning("stdout: {}".format(line))
|
||||
for line in err.splitlines():
|
||||
log.warning("stderr: {}".format(line))
|
||||
|
||||
def is_system_package(atom, eclasses):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
name=re.sub(r'^[<=>]*(.*?)(?:-\d)?(?:::\w+)?$', r'\1', atom)
|
||||
|
||||
# sys-boot/ category should probably always be considered
|
||||
# system-packages
|
||||
if name.split('/')[0] == 'sys-boot':
|
||||
log.debug(f"{name} is a sys-boot package")
|
||||
return True
|
||||
|
||||
if eclasses is True:
|
||||
return True
|
||||
|
||||
# libc-packages should be considered system-packages as they generally
|
||||
# requires the system to be restarted. Not sure if there is a better way
|
||||
# then just checking for specific packages here, but as far as I know there
|
||||
# are not many of them anyway...
|
||||
if re.search(r'^sys-libs/(glibc|musl)', name):
|
||||
log.debug(f"{name} is a libc package")
|
||||
return True
|
||||
|
||||
if any([
|
||||
x in eclasses for x in [
|
||||
'dist-kernel-utils',
|
||||
'linux-mod',
|
||||
'kernel-install' ]
|
||||
]):
|
||||
log.debug(f"{name} is of system eclass (eclasses: {eclasses})")
|
||||
return True
|
||||
return False
|
||||
|
||||
def get_eclasses(atom):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
eclasses = []
|
||||
name=re.sub(r'^[<=>]*(.*?)(?:-\d+)?(?:::\w+)?$', r'\1', atom)
|
||||
test_re = re.compile(r'^\s*inherit\s+')
|
||||
cmd=[ EQUERY_PATH, 'w', name ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd)
|
||||
if not ret == 0:
|
||||
log.warning(f'Unable to locate ebuild for {atom}')
|
||||
# better safe than sorry; if we don't know, let's pretend it's a system
|
||||
# package
|
||||
return True
|
||||
path = out.strip()
|
||||
if not os.path.isfile(path):
|
||||
log.warning(f"This path doesn't look lika a path to the ebuild for {name}: {path}")
|
||||
return True
|
||||
with open(path, 'r', encoding='utf-8') as f:
|
||||
for line in f.readlines():
|
||||
if eclasses and eclasses[-1] == '\\':
|
||||
eclasses = eclasses[:-1]
|
||||
eclasses.extend(line.split())
|
||||
if re.search(test_re, line):
|
||||
if re.search(test_re, line):
|
||||
eclasses.extend(line.split()[1:])
|
||||
|
||||
# Remove revisions from eclasses, hopefully makes it less messy if they get
|
||||
# updated
|
||||
eclasses = [re.sub(r'^(.*?)-r\d+', r'\1', x) for x in eclasses]
|
||||
return eclasses
|
||||
|
||||
def get_dependencies(atom):
|
||||
cmd=[ EQUERY_PATH, '-q', 'd', '-F', '$cp', atom ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd)
|
||||
dependencies = [l.strip() for l in out.splitlines()]
|
||||
return dependencies
|
||||
|
||||
|
||||
def pkg_upgrade():
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
conf = sau.config
|
||||
do_system_upgrade = conf.getboolean('default', 'do_system_upgrade', fallback=False)
|
||||
|
||||
if conf.getboolean('default', 'do_reposync', fallback=True):
|
||||
_sync_portage()
|
||||
|
||||
# [ebuild U ] media-plugins/alsa-plugins-1.1.8 [1.1.6]
|
||||
pretend_re = re.compile(r'^\[ebuild ([^\]]*)\] ([^ ]+)( \[[^\]]+\])?')
|
||||
# media-plugins/alsa-plugins-1.1.8
|
||||
version_re = re.compile(r'^(.*/.*)-(\d+.*)$')
|
||||
|
||||
pretend_re = re.compile(r'^\[(?:ebuild|binary) ([^\]]*)\] ([^ ]+?)-(\d[-\.\w]*)( \[[^\]]+\])?')
|
||||
ignore_re = re.compile(r'^(|.*caus.* rebuilds.*|.*scheduled for merge.*|.*waiting for lock on.*)$')
|
||||
|
||||
default_version_sens = conf.getint('default', 'version_sensitivity', fallback=1)
|
||||
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-uDNpq', '@world' ]
|
||||
## Query upgradeable packages
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-uDNpq', '--with-bdeps=y', '@world' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd)
|
||||
|
||||
if not ret == 0:
|
||||
@ -124,9 +201,11 @@ def pkg_upgrade():
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.error('stderr: {}'.format(line))
|
||||
return False
|
||||
raise sau.errors.UpgradeError(f'Failed to calculate upgrade path')
|
||||
|
||||
do_rebuild = True
|
||||
do_grub = False
|
||||
rebuild_packages = {}
|
||||
for line in out.splitlines():
|
||||
if re.match(ignore_re, line):
|
||||
continue
|
||||
@ -136,67 +215,225 @@ def pkg_upgrade():
|
||||
continue
|
||||
status = match.group(1)
|
||||
name = match.group(2)
|
||||
old = match.group(3)
|
||||
new = match.group(3)
|
||||
old = match.group(4)
|
||||
if not old:
|
||||
continue
|
||||
old = old.strip(' []')
|
||||
nmatch = re.match(version_re, name)
|
||||
name = nmatch.group(1)
|
||||
version = nmatch.group(2)
|
||||
|
||||
sens = conf.getint('packages', name, fallback=default_version_sens)
|
||||
common = sau.helpers.version_diff(version, old)
|
||||
common = sau.helpers.version_diff(new, old)
|
||||
if sens <= common:
|
||||
log.info('{}-{} -> {} configured level {} <= pkg level {}'.format(name, old, version, sens, common))
|
||||
log.info('{} -- {} -> {} configured level {} <= pkg level {}'.format(name, old, new, sens, common))
|
||||
else:
|
||||
log.warning('{}-{} -> {} configured level {} > pkg level {}'.format(name, old, version, sens, common))
|
||||
log.error('{} -- {} -> {} configured level {} > pkg level {}'.format(name, old, new, sens, common))
|
||||
do_rebuild = False
|
||||
|
||||
nameversion = f'{name}-{new}'
|
||||
eclasses = get_eclasses(nameversion)
|
||||
rebuild_packages[name] = eclasses
|
||||
|
||||
for package,eclasses in rebuild_packages.items():
|
||||
if is_system_package(package, eclasses):
|
||||
if do_system_upgrade:
|
||||
do_grub = True
|
||||
else:
|
||||
raise sau.errors.UpgradeError(f"System package {package} has an update, but system upgrade is disabled")
|
||||
|
||||
if not do_rebuild:
|
||||
log.warning('Some packages require manual attention, did not upgrade')
|
||||
raise sau.errors.UpgradeError('Some packages require manual attention, did not upgrade')
|
||||
|
||||
if not rebuild_packages:
|
||||
log.info('No packages to upgrade')
|
||||
return False
|
||||
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-uDNq', '@world' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=36000)
|
||||
## Actual upgrade
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-uDNq', '--with-bdeps=y', '@world' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=72000)
|
||||
|
||||
if ret != 0 or err:
|
||||
log.warning('emerge returned {}'.format(ret))
|
||||
log.error('emerge returned {}'.format(ret))
|
||||
for line in out.splitlines():
|
||||
log.warning('stdout: {}'.format(line))
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.warning('stderr: {}'.format(line))
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Error during upgrade')
|
||||
else:
|
||||
log.info('upgrade complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-q', '@preserved-rebuild' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=36000)
|
||||
## rebuild as needed
|
||||
do_rebuild = conf.getboolean('default', 'do_rebuilds', fallback=True)
|
||||
if do_rebuild:
|
||||
# from here on we shouldn't need to rebuild the upgraded packages again
|
||||
exclude_list = ' --exclude '.join(rebuild_packages.keys()).split()
|
||||
|
||||
# Rebuild go
|
||||
go_packages = []
|
||||
cmd = None
|
||||
for package,eclasses in rebuild_packages.items():
|
||||
if 'go-module' in eclasses or package == 'dev-lang/go':
|
||||
go_packages.append(package)
|
||||
if 'dev-lang/go' in go_packages:
|
||||
log.info("Running golang-rebuild due to update of dev-lang/go")
|
||||
cmd = [
|
||||
EMERGE_PATH,
|
||||
'--color', 'n',
|
||||
'-q',
|
||||
'--usepkg', 'n',
|
||||
'@golang-rebuild',
|
||||
'--exclude' ] + exclude_list
|
||||
elif go_packages:
|
||||
dependencies = []
|
||||
for package in go_packages:
|
||||
dependencies.extend(get_dependencies(package))
|
||||
dependencies = set(dependencies)
|
||||
upgraded = set(rebuild_packages.keys())
|
||||
not_upgraded = dependencies-upgraded
|
||||
if not_upgraded:
|
||||
log.info(f'Rebuilding packages dependant of go modules {", ".join(go_packages)}')
|
||||
cmd = [
|
||||
EMERGE_PATH,
|
||||
'--color', 'n',
|
||||
'-q',
|
||||
'--usepkg', 'n'] + not_upgraded
|
||||
if cmd:
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=72000)
|
||||
if ret != 0 or err:
|
||||
log.error('Rebuild of go packages returned {}'.format(ret))
|
||||
for line in out.splitlines():
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Error during go rebuild')
|
||||
else:
|
||||
log.info('go rebuild complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
|
||||
# rebuild rust
|
||||
if any([x in rebuild_packages for x in ('dev-lang/rust', 'dev-lang/rust-bin')]):
|
||||
log.info("Running rust-rebuild due to update of rust")
|
||||
cmd = [
|
||||
EMERGE_PATH,
|
||||
'--color', 'n',
|
||||
'-q',
|
||||
'--usepkg', 'n',
|
||||
'@rust-rebuild',
|
||||
'--exclude' ] + exclude_list
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=72000)
|
||||
if ret != 0 or err:
|
||||
log.error('Rebuild of rust packages returned {}'.format(ret))
|
||||
for line in out.splitlines():
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Error during rust rebuild')
|
||||
else:
|
||||
log.info('rust rebuild complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
|
||||
# run perl-cleaner
|
||||
if 'dev-lang/perl' in rebuild_packages:
|
||||
log.info("Running perl-cleaner due to perl upgrade")
|
||||
cmd = [ PCLEAN_PATH, '--all', '--', '-q', '--usepkg', 'n']
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=72000)
|
||||
if ret != 0 or err:
|
||||
log.error('perl-cleaner failed with code {}'.format(ret))
|
||||
for line in out.splitlines():
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Error during perl-cleaner')
|
||||
else:
|
||||
log.info('perl-cleaner complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
|
||||
# rebuild live packages
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-q', '--usepkg', 'n', '@live-rebuild' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=3600)
|
||||
if ret != 0 or err:
|
||||
log.error('live-rebuild returned {}'.format(ret))
|
||||
for line in out.splitlines():
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Error during live-rebuild')
|
||||
else:
|
||||
log.info('live-rebuild complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
|
||||
|
||||
## Depclean
|
||||
if conf.getboolean('default', 'do_depclean', fallback=False):
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-q', '--depclean' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=3600)
|
||||
if ret != 0 or err:
|
||||
log.error('depclean returned {}'.format(ret))
|
||||
for line in out.splitlines():
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Error during depclean')
|
||||
else:
|
||||
log.info('depclean complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
|
||||
|
||||
## Preserved rebuild
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '--usepkg', 'n', '-q', '@preserved-rebuild' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=72000)
|
||||
|
||||
if ret != 0 or err:
|
||||
log.warning('preserved-rebuild returned {}'.format(ret))
|
||||
log.error('preserved-rebuild returned {}'.format(ret))
|
||||
for line in out.splitlines():
|
||||
log.warning('stdout: {}'.format(line))
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.warning('stderr: {}'.format(line))
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Error during preserved-rebuild')
|
||||
else:
|
||||
log.info('preserved-rebuild complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
|
||||
if conf.getboolean('default', 'do_depclean', fallback=False):
|
||||
cmd = [ EMERGE_PATH, '--color', 'n', '-q', '--depclean' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd, timeout=3600)
|
||||
if ret != 0 or err:
|
||||
log.warning('depclean returned {}'.format(ret))
|
||||
|
||||
# doing grub reconfig and clean old kernels
|
||||
if do_grub and os.path.exists(GRUB_MKCONFIG):
|
||||
keep_kernels = conf.getint('default', 'keep_kernels', fallback=4)
|
||||
if keep_kernels < 1:
|
||||
log.error('keep_kernels cannot be less than one; falling back to default')
|
||||
keep_kernels = 4
|
||||
for root, dirs, files in os.walk('/boot'):
|
||||
for sysfile in ['config', 'initramfs', 'System.map', 'vmlinuz', 'kernel']:
|
||||
match = sorted(
|
||||
[f for f in files if f.startswith(f'{sysfile}-')],
|
||||
reverse=True)
|
||||
for f in match[keep_kernels:]:
|
||||
log.debug(f"Removing old kernel file {f}")
|
||||
os.remove(os.path.join(root, f))
|
||||
break
|
||||
|
||||
cmd = [ GRUB_MKCONFIG, '-o', '/boot/grub/grub.cfg' ]
|
||||
ret, out, err = sau.helpers.exec_cmd(cmd)
|
||||
if ret != 0:
|
||||
log.error(f"grub-mkconfig returned {ret}:")
|
||||
for line in out.splitlines():
|
||||
log.warning('stdout: {}'.format(line))
|
||||
log.error('stdout: {}'.format(line))
|
||||
for line in err.splitlines():
|
||||
log.warning('stderr: {}'.format(line))
|
||||
log.error('stderr: {}'.format(line))
|
||||
raise sau.errors.UpgradeError(f'Failed to reconfiugre grub')
|
||||
else:
|
||||
log.info('depclean complete')
|
||||
for line in out.splitlines():
|
||||
if line.startswith(' * '):
|
||||
log.warning(line)
|
||||
log.info("grub reconfigured")
|
||||
return True
|
||||
|
||||
@ -1,17 +1,21 @@
|
||||
import logging
|
||||
import os
|
||||
import subprocess
|
||||
import time
|
||||
|
||||
import sau
|
||||
|
||||
def exec_cmd(cmd, timeout=900, env = None):
|
||||
my_env = os.environ.copy()
|
||||
if env:
|
||||
my_env.update(env)
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
log.debug('Executing "{}"'.format(' '.join(cmd)))
|
||||
proc = subprocess.Popen(
|
||||
cmd,
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE,
|
||||
env = env)
|
||||
env = my_env)
|
||||
out = b""
|
||||
err = b""
|
||||
|
||||
|
||||
@ -1,3 +1,4 @@
|
||||
import os
|
||||
import platform
|
||||
|
||||
import sau.errors
|
||||
@ -9,9 +10,10 @@ def get_platform():
|
||||
if platform.system() == 'FreeBSD':
|
||||
platform_mod = sau.freebsd
|
||||
elif platform.system() == 'Linux':
|
||||
if 'gentoo' in platform.release():
|
||||
if os.path.exists('/usr/bin/emerge'):
|
||||
platform_mod = sau.gentoo
|
||||
|
||||
|
||||
if not platform_mod:
|
||||
raise sau.errors.PlatformNotSupported("System: {} Release: {} Version: {} is not supported".format(
|
||||
platform.system(),
|
||||
|
||||
152
sau/services.py
152
sau/services.py
@ -1,4 +1,3 @@
|
||||
#!/usr/bin/env python3.6
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
@ -8,11 +7,20 @@ import psutil
|
||||
|
||||
import sau
|
||||
import sau.errors
|
||||
import sau.helpers
|
||||
import sau.platforms
|
||||
|
||||
proc_fd_map_re = re.compile(r'^.*(/[^\(]*) \(deleted\)$')
|
||||
proc_fd_map_re = re.compile(r'^.*(/(?:usr|lib|opt|etc|s?bin)[^\(]*) \(deleted\)$')
|
||||
|
||||
def _get_deleted_open_files(proc):
|
||||
valid_service_policies=('restart', 'warn', 'ignore', 'silent-restart',
|
||||
'reboot', 'silent-reboot')
|
||||
|
||||
def _warn(policy, msg):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
if not policy.startswith('silent'):
|
||||
log.warning(msg)
|
||||
|
||||
def get_deleted_open_files(proc):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
files = set()
|
||||
|
||||
@ -23,7 +31,8 @@ def _get_deleted_open_files(proc):
|
||||
for line in f:
|
||||
match = re.match(proc_fd_map_re, line)
|
||||
if match:
|
||||
files.add(match.group(1))
|
||||
fname = match.group(1)
|
||||
files.add(fname)
|
||||
return files
|
||||
|
||||
# on FreeBSD psutils open_files() helpfully returns a null path if a file
|
||||
@ -58,25 +67,42 @@ def get_exe_file(name):
|
||||
log.debug('Found binary for {} at {}'.format(name, root))
|
||||
return os.path.join(root, name)
|
||||
|
||||
# return all processes with open files
|
||||
def _get_processes():
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
check_procs = set()
|
||||
for proc in psutil.process_iter():
|
||||
files = get_deleted_open_files(proc)
|
||||
if files:
|
||||
log.debug('{} has open deleted files'.format(proc))
|
||||
check_procs.add(proc)
|
||||
|
||||
return check_procs
|
||||
|
||||
# Just return True if system is running on systemd
|
||||
def on_systemd():
|
||||
try:
|
||||
init_proc = psutil.Process(pid=1)
|
||||
if init_proc.name() == 'systemd':
|
||||
return True
|
||||
except psutil.NoSuchProcess:
|
||||
pass
|
||||
return False
|
||||
|
||||
def restart_services():
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
platform = sau.platforms.get_platform()
|
||||
conf = sau.config
|
||||
check_procs = set()
|
||||
for proc in psutil.process_iter():
|
||||
files = _get_deleted_open_files(proc)
|
||||
if files:
|
||||
log.info('{} has open deleted files'.format(proc))
|
||||
check_procs.add(proc)
|
||||
|
||||
check_procs = _get_processes()
|
||||
# wait before the second test
|
||||
time.sleep(1)
|
||||
time.sleep(5)
|
||||
|
||||
# perform a second check to remove potential false positives
|
||||
service_procs = set()
|
||||
retest_procs = set()
|
||||
for proc in check_procs:
|
||||
files = _get_deleted_open_files(proc)
|
||||
files = get_deleted_open_files(proc)
|
||||
if not files:
|
||||
# no deleted open files for this process any longer
|
||||
continue
|
||||
@ -85,71 +111,73 @@ def restart_services():
|
||||
except (psutil.NoSuchProcess, psutil.ZombieProcess, psutil.AccessDenied):
|
||||
# either of the above exceptions means the process has quit
|
||||
continue
|
||||
if on_systemd():
|
||||
service_procs.add(proc)
|
||||
else:
|
||||
parent = _get_top_parent(proc)
|
||||
|
||||
service_procs.add(parent)
|
||||
|
||||
retest_procs.add(proc)
|
||||
|
||||
processes = {}
|
||||
recommend_restart = False
|
||||
services = {}
|
||||
for proc in service_procs:
|
||||
if not proc:
|
||||
continue
|
||||
|
||||
service_name = None
|
||||
try:
|
||||
service_exe = proc.exe()
|
||||
proc_name = proc.name()
|
||||
except (psutil.NoSuchProcess, psutil.ZombieProcess, psutil.AccessDenied):
|
||||
log.debug('{} died before it could be restarted'.format(proc))
|
||||
continue
|
||||
|
||||
service_name = _get_service_from_proc(proc)
|
||||
|
||||
if not service_name:
|
||||
log.debug('no service for process {}'.format(proc))
|
||||
log.warning('no service for process {}'.format(proc))
|
||||
recommend_restart = True
|
||||
continue
|
||||
if service_name == 'systemd':
|
||||
log.info("Upgrade of systemd detected; doing daemon-reexec")
|
||||
sau.helpers.exec_cmd([ '/usr/bin/systemctl', 'daemon-reexec' ])
|
||||
continue
|
||||
elif service_name == '@ignore':
|
||||
log.info(f"Process {proc} ignored by configuration")
|
||||
retest_procs.discard(proc)
|
||||
continue
|
||||
|
||||
services[proc_name] = service_name
|
||||
processes[service_name] = [proc]
|
||||
|
||||
for service in set([x for x in services.values() if x]):
|
||||
policy = _get_service_restart_policy(service)
|
||||
if policy == 'ignore':
|
||||
log.info('Service "{}" ignored by configuration'.format(service))
|
||||
[retest_procs.discard(x) for x,y in services.items() if y == service]
|
||||
continue
|
||||
elif policy == 'warn':
|
||||
log.warning('Service "{}" has open deleted files and should be restarted'.format(service))
|
||||
continue
|
||||
if not policy.startswith('silent'):
|
||||
log.warning('Restarting service {}'.format(service))
|
||||
elif 'reboot' in policy:
|
||||
_warn(policy, 'Rebooting because {} has opened files'.format(service))
|
||||
recommend_restart = True
|
||||
_warn(policy, 'Restarting service {}'.format(service))
|
||||
platform.restart_service(service)
|
||||
|
||||
recommend_restart = False
|
||||
tested_parents = set()
|
||||
for proc in retest_procs:
|
||||
parent = _get_top_parent(proc)
|
||||
if not parent:
|
||||
try:
|
||||
proc_name = proc.name()
|
||||
if proc_name not in services:
|
||||
continue
|
||||
parent_name = parent.name()
|
||||
if parent in tested_parents:
|
||||
log.debug('{} belongs to already tested parent {}'.format(proc, parent))
|
||||
except (psutil.NoSuchProcess, psutil.ZombieProcess, psutil.AccessDenied):
|
||||
continue
|
||||
|
||||
if _get_deleted_open_files(proc):
|
||||
tested_parents.add(parent)
|
||||
service = _get_service_from_proc(parent)
|
||||
if not service:
|
||||
log.warning('could not re-check process {} - failed to identify service'.format(proc))
|
||||
recommend_restart = True
|
||||
continue
|
||||
|
||||
log.debug('{} is in service {}'.format(proc, service))
|
||||
if parent_name in services and not services[parent_name]:
|
||||
log.warning('{} (parent {}) does not belong to a service and could not be restarted'.format(proc, parent))
|
||||
recommend_restart = True
|
||||
continue
|
||||
elif parent_name in services:
|
||||
if get_deleted_open_files(proc):
|
||||
service = services[proc_name]
|
||||
policy = _get_service_restart_policy(service)
|
||||
log.debug('service {} has policy {}'.format(service, policy))
|
||||
if policy in ('ignore', 'warn'):
|
||||
continue
|
||||
log.warning('{} (parent {}) still has deleted files open'.format(proc, parent))
|
||||
_warn(policy, f'{proc} still has deleted files open')
|
||||
recommend_restart = True
|
||||
return recommend_restart
|
||||
|
||||
@ -157,13 +185,13 @@ def _get_service_restart_policy(service):
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
conf = sau.config
|
||||
policy = conf.get('services', service, fallback=None)
|
||||
if policy and policy.lower() in ('restart', 'warn', 'ignore', 'silent-restart'):
|
||||
if policy and policy.lower() in valid_service_policies:
|
||||
return policy.lower()
|
||||
elif policy:
|
||||
log.warning('service policy {} for {} is invalid'.format(policy, service))
|
||||
|
||||
default_policy = conf.get('default', 'default_service_policy', fallback='warn')
|
||||
if default_policy.lower() in ('restart', 'warn', 'ignore', 'silent-restart'):
|
||||
if default_policy.lower() in ('restart', 'warn', 'ignore', 'silent-restart', 'reboot'):
|
||||
return default_policy.lower()
|
||||
log.warning('default service policy {} is invalid'.format(default_policy))
|
||||
return 'warn'
|
||||
@ -171,6 +199,7 @@ def _get_service_restart_policy(service):
|
||||
def _get_service_from_proc(proc):
|
||||
conf = sau.config
|
||||
platform = sau.platforms.get_platform()
|
||||
if not on_systemd():
|
||||
proc = _get_top_parent(proc)
|
||||
log = logging.getLogger(sau.LOGNAME)
|
||||
try:
|
||||
@ -178,14 +207,45 @@ def _get_service_from_proc(proc):
|
||||
service_exe = proc.exe()
|
||||
except (psutil.NoSuchProcess, psutil.ZombieProcess, psutil.AccessDenied):
|
||||
log.debug('{} died'.format(proc))
|
||||
return None
|
||||
return '@ignore'
|
||||
|
||||
service_name = conf.get('processes', proc_name, fallback=None)
|
||||
log.debug(f'configuration of process "{proc_name}" in config: "{service_name}"')
|
||||
if service_name == '':
|
||||
log.debug('Ignoring process {}'.format(proc))
|
||||
return None
|
||||
return '@ignore'
|
||||
|
||||
if not service_name:
|
||||
# Systemd has it's own way...
|
||||
if on_systemd():
|
||||
if proc.pid == 1:
|
||||
return 'systemd'
|
||||
ret, unit, err = sau.helpers.exec_cmd([ '/usr/bin/systemctl', 'whoami', f'{proc.pid}' ])
|
||||
unit = unit.strip()
|
||||
name, unit_type = unit.split('.')
|
||||
if ret != 0:
|
||||
log.debug(f'Non-success ({ret}) when checking unit for process: {err}')
|
||||
return None
|
||||
elif unit_type != 'service':
|
||||
log.warning(f'not restarting non-service unit "{unit}"; owner of {proc}')
|
||||
return None
|
||||
elif name.startswith('user@'):
|
||||
log.warning(f'Not restarting user service {unit}; please log out and log in again')
|
||||
return None
|
||||
else:
|
||||
policy = conf.get('services', name, fallback=None)
|
||||
if policy and policy.lower() in valid_service_policies:
|
||||
return name
|
||||
_ret, enabled, _err = sau.helpers.exec_cmd([ '/usr/bin/systemctl', 'is-enabled', unit ])
|
||||
enabled = enabled.strip()
|
||||
if enabled not in ('enabled', 'static'):
|
||||
log.warning(f'Unit {name}.service has enable status: {enabled} - will only restart "enabled" services')
|
||||
return None
|
||||
else:
|
||||
return name
|
||||
log.error(f'This should be an unreachable path when checking process {proc}')
|
||||
return None
|
||||
|
||||
# if the exe file has been deleted since started, service_exe will be empty
|
||||
# and we'll have to guess
|
||||
if not service_exe:
|
||||
|
||||
@ -1,2 +1,7 @@
|
||||
/usr/bin/sau gen_context(system_u:object_r:sau_exec_t,s0)
|
||||
/etc/sau.cfg gen_context(system_u:object_r:sau_config_t,s0)
|
||||
/usr/bin/sau -- gen_context(system_u:object_r:sau_exec_t,s0)
|
||||
|
||||
# on gentoo python executables are executed via python-exec
|
||||
/usr/lib/python-exec/python[0-9\.]*/sau -- gen_context(system_u:object_r:sau_exec_t,s0)
|
||||
|
||||
|
||||
/etc/sau.cfg -- gen_context(system_u:object_r:sau_config_t,s0)
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
policy_module(sau, 0.1)
|
||||
policy_module(sau, 0.9.1)
|
||||
|
||||
gen_require(`
|
||||
type system_cronjob_t;
|
||||
@ -16,6 +16,11 @@ domain_type(sau_t)
|
||||
domain_entry_file(sau_t, sau_exec_t)
|
||||
files_config_file(sau_config_t)
|
||||
read_files_pattern(sau_t, etc_t, sau_config_t);
|
||||
read_files_pattern(sau_t, etc_t, etc_t)
|
||||
files_read_etc_runtime_files(sau_t);
|
||||
search_dirs_pattern(sau_t, etc_t, etc_runtime_t);
|
||||
files_manage_generic_tmp_files(sau_t)
|
||||
files_manage_generic_tmp_dirs(sau_t)
|
||||
|
||||
role sysadm_r types sau_t;
|
||||
role system_r types sau_t;
|
||||
@ -23,14 +28,54 @@ role system_r types sau_t;
|
||||
domain_auto_transition_pattern(sysadm_t, sau_exec_t, sau_t)
|
||||
domain_auto_transition_pattern(system_cronjob_t, sau_exec_t, sau_t)
|
||||
|
||||
# this should be fixed, but I don't know enough selinux magic to restrict this
|
||||
# while still allowing it to inspect all open files for all processes
|
||||
unconfined_domain_noaudit(sau_t)
|
||||
domain_use_interactive_fds(sau_t)
|
||||
userdom_use_user_ptys(sau_t)
|
||||
userdom_use_all_users_fds(sau_t)
|
||||
|
||||
# required for python
|
||||
corecmd_mmap_bin_files(sau_t)
|
||||
mmap_exec_files_pattern(sau_t, tmp_t, tmp_t);
|
||||
|
||||
|
||||
read_files_pattern(sau_t, usr_t, usr_t)
|
||||
miscfiles_read_localization(sau_t)
|
||||
logging_send_syslog_msg(sau_t)
|
||||
allow sau_t self:fifo_file { read write };
|
||||
corecmd_exec_shell(sau_t)
|
||||
corecmd_exec_bin(sau_t)
|
||||
|
||||
# list processes
|
||||
kernel_read_system_state(sau_t)
|
||||
domain_read_all_domains_state(sau_t)
|
||||
allow sau_t self:capability sys_ptrace;
|
||||
|
||||
# I've tried it all; I don't know how to give sau permission to
|
||||
# run init-scripts :(
|
||||
init_all_labeled_script_domtrans(sau_t)
|
||||
init_domtrans_script(sau_t)
|
||||
init_read_utmp(sau_t)
|
||||
init_signull_script(sau_t)
|
||||
#init_startstop_all_script_services(sau_t)
|
||||
#init_use_script_ptys(sau_t)
|
||||
#init_domtrans_labeled_script(sau_t)
|
||||
#init_manage_script_service(sau_t)
|
||||
#init_read_script_status_files(sau_t)
|
||||
#allow sau_t initrc_state_t:lnk_file { getattr read };
|
||||
#allow sau_t initrc_state_t:dir { search read };
|
||||
#init_admin(sau_t)
|
||||
# FIXME: shouldn't have to be unconfined...
|
||||
unconfined_domain(sau_t)
|
||||
|
||||
|
||||
# allow during troubleshooting...
|
||||
#files_getattr_all_dirs(sau_t)
|
||||
#files_getattr_all_files(sau_t)
|
||||
|
||||
# Gentoo specific
|
||||
portage_read_config(sau_t)
|
||||
portage_read_ebuild(sau_t)
|
||||
portage_read_db(sau_t)
|
||||
portage_read_cache(sau_t)
|
||||
portage_domtrans(sau_t)
|
||||
|
||||
|
||||
# postfix
|
||||
postfix_admin(sau_t, system_r)
|
||||
|
||||
|
||||
4
setup.py
4
setup.py
@ -1,11 +1,11 @@
|
||||
#!/usr/bin/env python3.6
|
||||
#!/usr/bin/env python3
|
||||
from os import environ
|
||||
|
||||
from setuptools import setup, find_packages
|
||||
|
||||
setup(
|
||||
name='sau',
|
||||
version='0.9.0',
|
||||
version='1.4.5',
|
||||
description='Tool for auto-updating OS and packages',
|
||||
author='Feffe',
|
||||
author_email='feffe@fulh.ax',
|
||||
|
||||
Loading…
Reference in New Issue
Block a user