From 9ef20d8e891ad2a8b41a59325936890680538cc0 Mon Sep 17 00:00:00 2001
From: Stuart Geipel
Date: Wed, 13 Nov 2024 12:43:38 -0800
Subject: [PATCH] [NPM-3662] Add sestatus to agent flare
---
cmd/system-probe/api/debug/handlers_linux.go | 29 +++++++++++++++++++
.../api/debug/handlers_nolinux.go | 21 ++++++++++++++
cmd/system-probe/api/server.go | 2 ++
pkg/ebpf/debug_handlers.go | 5 ++--
pkg/flare/archive_linux.go | 7 +++++
5 files changed, 61 insertions(+), 3 deletions(-)
create mode 100644 cmd/system-probe/api/debug/handlers_linux.go
create mode 100644 cmd/system-probe/api/debug/handlers_nolinux.go
diff --git a/cmd/system-probe/api/debug/handlers_linux.go b/cmd/system-probe/api/debug/handlers_linux.go
new file mode 100644
index 0000000000000..0f896608e4738
--- /dev/null
+++ b/cmd/system-probe/api/debug/handlers_linux.go
@@ -0,0 +1,29 @@
+// Unless explicitly stated otherwise all files in this repository are licensed
+// under the Apache License Version 2.0.
+// This product includes software developed at Datadog (https://www.datadoghq.com/).
+// Copyright 2024-present Datadog, Inc.
+
+//go:build linux
+
+// Package debug contains handlers for debug information global to all of system-probe
+package debug
+
+import (
+ "errors"
+ "fmt"
+ "net/http"
+ "os/exec"
+)
+
+// HandleSelinuxSestatus reports the output of sestatus as an http result
+func HandleSelinuxSestatus(w http.ResponseWriter, _ *http.Request) {
+ cmd := exec.Command("sestatus")
+ output, err := cmd.CombinedOutput()
+ // don't report ExitErrors since we are using the combined output which will already include stderr
+ if err != nil && !errors.Is(err, &exec.ExitError{}) {
+ fmt.Fprintf(w, "sestatus command failed: %s", err)
+ return
+ }
+
+ w.Write(output)
+}
diff --git a/cmd/system-probe/api/debug/handlers_nolinux.go b/cmd/system-probe/api/debug/handlers_nolinux.go
new file mode 100644
index 0000000000000..702158ac5fdb4
--- /dev/null
+++ b/cmd/system-probe/api/debug/handlers_nolinux.go
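Review bot: In HandleSelinuxSestatus the guard `!errors.Is(err, &exec.ExitError{})` is always true for a non-nil error, because errors.Is compares against a freshly allocated pointer and *exec.ExitError defines no Is method. Every non-zero exit of sestatus therefore takes the failure branch, and the combined output that the comment wants to keep is dropped. Matching by type with errors.As restores the intended behaviour. The failure branch also answers with the implicit 200, and the child process has no deadline, so a stuck sestatus would hold the request open. The sketch below sets the status before the body and bounds the command with the request context; the 5-second value is illustrative, and `context` and `time` would need to join the import block.

```go
func HandleSelinuxSestatus(w http.ResponseWriter, r *http.Request) {
	// bound the child process so a stuck sestatus cannot pin the handler
	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
	defer cancel()

	output, err := exec.CommandContext(ctx, "sestatus").CombinedOutput()
	// an exit error already has its explanation in the combined output
	var exitErr *exec.ExitError
	if err != nil && !errors.As(err, &exitErr) {
		w.WriteHeader(http.StatusInternalServerError)
		fmt.Fprintf(w, "sestatus command failed: %s", err)
		return
	}
	// … unchanged: w.Write(output) …
}
```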
@@ -0,0 +1,21 @@ +// Unless explicitly stated otherwise all files in this repository are licensed +// under the Apache License Version 2.0. +// This product includes software developed at Datadog (https://www.datadoghq.com/). +// Copyright 2024-present Datadog, Inc. + +//go:build !linux + +// Package debug contains handlers for debug information global to all of system-probe +package debug + +import ( + "io" + "net/http" +) + +// HandleSelinuxSestatus is not supported +func HandleSelinuxSestatus(w http.ResponseWriter, _ *http.Request) { + io.WriteString(w, "HandleSelinuxSestatus is not supported on this platform") + w.WriteHeader(500) + return +} diff --git a/cmd/system-probe/api/server.go b/cmd/system-probe/api/server.go index 4396b29adff1f..a2bf168b17e92 100644 --- a/cmd/system-probe/api/server.go +++ b/cmd/system-probe/api/server.go @@ -15,6 +15,7 @@ import ( gorilla "github.com/gorilla/mux" + "github.com/DataDog/datadog-agent/cmd/system-probe/api/debug" "github.com/DataDog/datadog-agent/cmd/system-probe/api/module" "github.com/DataDog/datadog-agent/cmd/system-probe/api/server" sysconfigtypes "github.com/DataDog/datadog-agent/cmd/system-probe/config/types" @@ -57,6 +58,7 @@ func StartServer(cfg *sysconfigtypes.Config, telemetry telemetry.Component, wmet if runtime.GOOS == "linux" { mux.HandleFunc("/debug/ebpf_btf_loader_info", ebpf.HandleBTFLoaderInfo) + mux.HandleFunc("/debug/selinux_sestatus", debug.HandleSelinuxSestatus) } go func() { diff --git a/pkg/ebpf/debug_handlers.go b/pkg/ebpf/debug_handlers.go index ea10d22a844c2..04cba9faed556 100644 --- a/pkg/ebpf/debug_handlers.go +++ b/pkg/ebpf/debug_handlers.go @@ -6,10 +6,9 @@ package ebpf import ( + "fmt" "io" "net/http" - - "github.com/DataDog/datadog-agent/pkg/util/log" ) // HandleBTFLoaderInfo responds with where the system-probe found BTF data (and 
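Review bot: In the non-Linux HandleSelinuxSestatus, `io.WriteString` runs before `w.WriteHeader(500)`, so net/http has already committed a 200 when the status call is reached and the client never sees the error code. Swap the two lines: `w.WriteHeader(http.StatusInternalServerError)` first, then `io.WriteString(w, "HandleSelinuxSestatus is not supported on this platform")`; the trailing `return` can go as well. The same write-then-WriteHeader order is introduced in HandleBTFLoaderInfo in pkg/ebpf/debug_handlers.go, where `fmt.Fprintf(w, ...)` now precedes `w.WriteHeader(500)`.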
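Review bot: The new `/debug/selinux_sestatus` route in StartServer starts a child process on every request, and nothing in this hunk shows who may call it or how often. A comment above the registration would record the assumption, for example `// runs the fixed command sestatus with no request-derived arguments; callers are limited by access to the system-probe listener`. Whether that listener is restricted to local, privileged clients is not visible here and should be confirmed before relying on it. StartServer begins and ends outside the hunk.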
@@ -17,7 +16,7 @@ import ( func HandleBTFLoaderInfo(w http.ResponseWriter, _ *http.Request) { info, err := GetBTFLoaderInfo() if err != nil { - log.Errorf("unable to get ebpf_btf_loader info: %s", err) + fmt.Fprintf(w, "unable to get ebpf_btf_loader info: %s", err) w.WriteHeader(500) return } diff --git a/pkg/flare/archive_linux.go b/pkg/flare/archive_linux.go index e479ddba7056e..795837a5c53e5 100644 --- a/pkg/flare/archive_linux.go +++ b/pkg/flare/archive_linux.go @@ -33,6 +33,7 @@ func addSystemProbePlatformSpecificEntries(fb flaretypes.FlareBuilder) { _ = fb.AddFileFromFunc(filepath.Join("system-probe", "conntrack_cached.log"), getSystemProbeConntrackCached) _ = fb.AddFileFromFunc(filepath.Join("system-probe", "conntrack_host.log"), getSystemProbeConntrackHost) _ = fb.AddFileFromFunc(filepath.Join("system-probe", "ebpf_btf_loader.log"), getSystemProbeBTFLoaderInfo) + _ = fb.AddFileFromFunc(filepath.Join("system-probe", "selinux_sestatus.log"), getSystemProbeSelinuxSestatus) } } @@ -143,3 +144,9 @@ func getSystemProbeBTFLoaderInfo() ([]byte, error) { url := sysprobeclient.DebugURL("/ebpf_btf_loader_info") return getHTTPData(sysProbeClient, url) } + +func getSystemProbeSelinuxSestatus() ([]byte, error) { + sysProbeClient := sysprobeclient.Get(getSystemProbeSocketPath()) + url := sysprobeclient.DebugURL("/debug/selinux_sestatus") + return getHTTPData(sysProbeClient, url) +}
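Review bot: In getSystemProbeSelinuxSestatus, `sysprobeclient.DebugURL("/debug/selinux_sestatus")` passes a path that already contains `/debug`. The neighbouring getSystemProbeBTFLoaderInfo passes only `/ebpf_btf_loader_info`, for a route the server registers as `/debug/ebpf_btf_loader_info`. If DebugURL prepends that prefix (its body is not shown here), the flare would request `/debug/debug/selinux_sestatus` and never reach the new handler, so selinux_sestatus.log would not contain the sestatus output. Suggested line: `url := sysprobeclient.DebugURL("/selinux_sestatus")`.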