@sgress454
Contributor

For #8286
Fleet: fleetdm/fleet#24877

Overview

This PR addresses an issue on CentOS and Fedora (and possibly other) distributions where errors are encountered when attempting to log to a file while generating the deb_packages table. This occurs because we drop permissions while generating this table, which means we don't have access to create the logfile.

The solution in this PR, as suggested by @lucasmrod, is to buffer the logs while permissions are dropped, and output them after perms are restored. The number of error logs directly produced by this table is limited by the number of admin dirs specified in the query, so the buffer size isn't a big concern there.

Testing

To test this I set up a Fedora 41 VM. Running the main branch of osquery with a scheduled query of the deb_packages table, I saw:
image

and no error log file was created.

Running the same on this branch, the console error above did not appear and the log file was created as expected, with the expected logs inside.

@sgress454 sgress454 requested review from a team as code owners January 31, 2025 15:49
admindir);

continue;
{
Contributor Author

@sgress454 sgress454 Jan 31, 2025

Note the addition of a local scope around the block where we drop privileges. Once this scope ends the privileges are restored, so we can flush the error log safely. View diff without whitespace to see functional changes.
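The pattern discussed above (buffer errors while privileges are dropped, flush once the enclosing scope has restored them), as an added example that is not the code from this PR or from osquery. `ScopedPrivilegeDrop`, `scanAdminDirs`, `LogSink` and the uid/gid 65534 are hypothetical names and constructed values; when the process is not root, the guard leaves the ids unchanged.

```cpp
#include <dirent.h>
#include <unistd.h>
#include <functional>
#include <string>
#include <vector>

// Hypothetical RAII guard (not osquery's class): lowers the effective ids,
// restores them when the scope ends.
class ScopedPrivilegeDrop {
 public:
  ScopedPrivilegeDrop(uid_t uid, gid_t gid)
      : orig_uid_(geteuid()), orig_gid_(getegid()) {
    // Only root can switch ids. Group first, while we may still change it.
    if (orig_uid_ != 0 || setegid(gid) != 0) return;
    if (seteuid(uid) == 0) dropped_ = true;
    else if (setegid(orig_gid_) != 0) _exit(1);  // undo partial drop
  }
  ~ScopedPrivilegeDrop() {
    // Restore uid first, then gid; a failed restore must not go unnoticed.
    if (dropped_ && (seteuid(orig_uid_) != 0 || setegid(orig_gid_) != 0)) _exit(1);
  }
  ScopedPrivilegeDrop(const ScopedPrivilegeDrop&) = delete;
  ScopedPrivilegeDrop& operator=(const ScopedPrivilegeDrop&) = delete;

 private:
  uid_t orig_uid_;
  gid_t orig_gid_;
  bool dropped_ = false;
};

using LogSink = std::function<void(const std::string&)>;

// Probes each admin dir with privileges dropped. Errors are buffered inside the
// scope and handed to the sink only after the guard has restored privileges.
size_t scanAdminDirs(const std::vector<std::string>& admindirs, const LogSink& sink) {
  std::vector<std::string> pending;  // bounded by admindirs.size()
  {
    ScopedPrivilegeDrop drop(65534, 65534);  // constructed unprivileged ids
    for (const auto& dir : admindirs) {
      DIR* d = opendir(dir.c_str());
      if (d == nullptr) {
        pending.push_back("Cannot open dpkg admin dir: " + dir);
        continue;  // no file logging here: the log file may be root-only
      }
      closedir(d);
    }
  }  // privileges restored here
  for (const auto& msg : pending) sink(msg);
  return pending.size();
}
```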

Contributor

@lucasmrod lucasmrod left a comment

LGTM!

Could we do the same on rpm_packages? (I'm assuming it has the same issue.)

@directionless directionless merged commit e08fb83 into osquery:master Feb 4, 2025
22 checks passed