[Auditbeat] Package: Nullify Librpm's rpmsqEnable #11628
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cwurm
added
review
needs_backport
|
Pinging @elastic/secops |
adriansr
approved these changes
Apr 5, 2019
| rpmsqEnable(-SIGPIPE, NULL); | ||
| extern int rpmsqEnable (int signum, void *handler); | ||
| int | ||
| rpmsqEnable (int signum, void *handler) |
There was a problem hiding this comment.
I wonder who is calling this function. Is it called internally by librpm?
If that's the case I'm surprised that you can override it.
There was a problem hiding this comment.
Yes, it's internal to librpm. This works because we dynamically load librpm using dlopen() after the program is started. Any symbols that are already defined at that point will not be redefined.
cwurm
pushed a commit
to cwurm/beats
that referenced
this pull request
Apr 5, 2019
Overrides the `rpmsqEnable` function in Librpm that sets and unsets signal traps. Hopefully, this will eliminate the residual test failures. (cherry picked from commit e047de6)
cwurm
added
v7.0.0
and removed
needs_backport
cwurm
pushed a commit
to cwurm/beats
that referenced
this pull request
Apr 5, 2019
Overrides the `rpmsqEnable` function in Librpm that sets and unsets signal traps. Hopefully, this will eliminate the residual test failures. (cherry picked from commit e047de6)
cwurm
pushed a commit
that referenced
this pull request
Apr 5, 2019
Both openSUSE and SLES use RPM under the hood, so we can use the code we already have for CentOS/Fedora. Depends on #11628. Fixes elastic/beats-tester#115.
cwurm
pushed a commit
to cwurm/beats
that referenced
this pull request
Apr 5, 2019
Both openSUSE and SLES use RPM under the hood, so we can use the code we already have for CentOS/Fedora. Depends on elastic#11628. Fixes elastic/beats-tester#115. (cherry picked from commit ebdf66d)
cwurm
pushed a commit
to cwurm/beats
that referenced
this pull request
Apr 5, 2019
Both openSUSE and SLES use RPM under the hood, so we can use the code we already have for CentOS/Fedora. Depends on elastic#11628. Fixes elastic/beats-tester#115. (cherry picked from commit ebdf66d)
cwurm
pushed a commit
that referenced
this pull request
Apr 5, 2019
cwurm
pushed a commit
that referenced
this pull request
Apr 7, 2019
Cherry-pick of PR #11634 to 7.0 branch. Original message: Both openSUSE and SLES use RPM under the hood, so we can use the code we already have for CentOS/Fedora. Depends on #11628. Fixes elastic/beats-tester#115.
cwurm
pushed a commit
that referenced
this pull request
Apr 7, 2019
Cherry-pick of PR #11634 to 6.7 branch. Original message: Both openSUSE and SLES use RPM under the hood, so we can use the code we already have for CentOS/Fedora. Depends on #11628. Fixes elastic/beats-tester#115.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We've had a number of problems with Librpm's use of signal traps (#10633). We've tried to fix it by using Librpm functions to disable them (#10694), but there is still the occasional test failure that seems related to it. I've also seen it happen at least once locally.
Now I've started testing the dataset on OpenSUSE and found our fix prevents it from working at all. The Python system test will reliably fail, with the Auditbeat test process shown as terminated by an uncaught
SIGTERM. If I remove our disabling logic it works, but only on OpenSUSE, and again not on CentOS. I don't know exactly what in Librpm or our use of it is causing the behavior on OpenSUSE, my assumption is that something is going wrong with how we try to unset the signal traps, with the original ones not being restored.So I'm proposing a more radical solution - overriding the
rpmsqEnablefunction in Librpm that sets and unsets signal traps. This is possible since wedlopen/dlsymthe library into the process, so any functions that are already defined will be used instead of what the library comes with. In a way, this is exactly what therpmsqSetInterruptSafetyfunction does in newer versions of Librpm (see rpm-software-management/rpm@56f49d7). It is also what gdb did with this patch following their bug report. I should have investigated their fix more closely the last time around.Hopefully, this will eliminate the residual test failures.
I'll open another PR to enable the OS family
susefor the package dataset that depends on this.