Skip to content

Commit

Permalink
[Auditbeat] Package: Nullify Librpm's rpmsqEnable (elastic#11628)
Browse files Browse the repository at this point in the history
Overrides the `rpmsqEnable` function in Librpm that sets and unsets signal traps. Hopefully, this will eliminate the residual test failures.

(cherry picked from commit e047de6)
  • Loading branch information
Christoph Wurm committed Apr 5, 2019
1 parent 3b177b6 commit 37ffcea
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 29 deletions.
2 changes: 2 additions & 0 deletions CHANGELOG.next.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ https://github.com/elastic/beats/compare/v7.0.0-rc1...master[Check the HEAD diff

*Auditbeat*

- Package dataset: Nullify Librpm's rpmsqEnable. {pull}11628[11628]

*Filebeat*

- Fix `add_docker_metadata` source matching, using `log.file.path` field now. {pull}11577[11577]
Expand Down
37 changes: 8 additions & 29 deletions x-pack/auditbeat/module/system/package/rpm_linux.go
Original file line number Diff line number Diff line change
Expand Up @@ -14,7 +14,6 @@ import (
"unsafe"

"github.com/coreos/pkg/dlopen"
"github.com/joeshaw/multierror"
)

/*
Expand All @@ -25,7 +24,6 @@ import (
#include <rpm/header.h>
#include <rpm/rpmts.h>
#include <rpm/rpmdb.h>
#include <rpm/rpmsq.h>
rpmts
my_rpmtsCreate(void *f) {
Expand Down Expand Up @@ -113,27 +111,21 @@ my_rpmtsFree(void *f, rpmts ts) {
// By default, librpm is going to trap various UNIX signals including SIGINT and SIGTERM
// which will prevent Beats from shutting down correctly.
//
// This disables that behavior. We should be very dilligent in
// This disables that behavior by nullifying rpmsqEnable. We should be very dilligent in
// cleaning up in our use of librpm.
//
// More recent versions of librpm have a new function rpmsqSetInterruptSafety()
// to do this, see below.
//
// See also:
// - librpm traps signals and calls exit(1) to terminate the whole process incl. our Go code: https://github.com/rpm-software-management/rpm/blob/rpm-4.11.3-release/lib/rpmdb.c#L640
// - has caused problems for gdb before, calling rpmsqEnable(_, NULL) is the workaround they also use: https://bugzilla.redhat.com/show_bug.cgi?id=643031
// - has caused problems for gdb before, they also nullify rpmsqEnable: https://bugzilla.redhat.com/show_bug.cgi?id=643031
// - the new rpmsqSetInterruptSafety(), unfortunately only available in librpm>=4.14.0 (CentOS 7 has 4.11.3): https://github.com/rpm-software-management/rpm/commit/56f49d7f5af7c1c8a3eb478431356195adbfdd25
void
my_disableLibrpmSignalTraps(void *f) {
int (*rpmsqEnable)(int, rpmsqAction_t);
rpmsqEnable = (int (*)(int, rpmsqAction_t))f;
// Disable all traps
rpmsqEnable(-SIGHUP, NULL);
rpmsqEnable(-SIGINT, NULL);
rpmsqEnable(-SIGTERM, NULL);
rpmsqEnable(-SIGQUIT, NULL);
rpmsqEnable(-SIGPIPE, NULL);
extern int rpmsqEnable (int signum, void *handler);
int
rpmsqEnable (int signum, void *handler)
{
return 0;
}
void
Expand Down Expand Up @@ -170,7 +162,6 @@ type cFunctions struct {
headerFree unsafe.Pointer
rpmdbFreeIterator unsafe.Pointer
rpmtsFree unsafe.Pointer
rpmsqEnable unsafe.Pointer
rpmsqSetInterruptSafety unsafe.Pointer
}

Expand Down Expand Up @@ -249,16 +240,7 @@ func dlopenCFunctions() (*cFunctions, error) {

// Only available in librpm>=4.13.0
cFun.rpmsqSetInterruptSafety, err = librpm.GetSymbolPointer("rpmsqSetInterruptSafety")
if err != nil {
var err2 error
// Only available in librpm<4.14.0
cFun.rpmsqEnable, err2 = librpm.GetSymbolPointer("rpmsqEnable")
if err2 != nil {
var errs multierror.Errors
errs = append(errs, err, err2)
return nil, errs.Err()
}
}
// no error check

return &cFun, nil
}
Expand Down Expand Up @@ -298,9 +280,6 @@ func listRPMPackages() ([]*Package, error) {
if mi == nil {
return nil, fmt.Errorf("Failed to get match iterator")
}
if cFun.rpmsqEnable != nil {
C.my_disableLibrpmSignalTraps(cFun.rpmsqEnable)
}
defer C.my_rpmdbFreeIterator(cFun.rpmdbFreeIterator, mi)

var packages []*Package
Expand Down

0 comments on commit 37ffcea

Please sign in to comment.