Bug 975412

Summary: inspection: Augeas expressions are broken with augeas >= 0.10
Product: [Community] Virtualization Tools Reporter: Richard W.M. Jones <rjones>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: dyasny, mbooth
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-06-18 16:31:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 975377    
Attachments:
Description Flags
inspection-augeas-fail.sh none

Description Richard W.M. Jones 2013-06-18 12:26:10 UTC 
Created attachment 762468 [details]
inspection-augeas-fail.sh

Description of problem:

(Thanks Dominic Cleal for diagnosing this one)

libguestfs currently uses an Augeas expression to limit the
files that get loaded (so Augeas doesn't run out of memory and
cause a DoS when we try to inspect weird guests).  At the
moment what we do is roughly this:

  aug_init ('/', AUG_NO_LOAD)
  aug_rm '/augeas/load//incl[. != "/etc/sysconfig/network"]'
  aug_load

which causes Augeas not to autoload any files, then to delete
all rules which DON'T match the file of interest, then to
proceed with the load.

However in Augeas >= 0.10 'incl' expressions could be globs.
Since the incl expression for /etc/sysconfig/network is a glob,
the above code which does an exact match no longer works.

After discussion we came up with an alternative expression
which works:

/augeas/load/*["/etc/sysconfig/network/" !~ regexp('^') + glob(incl) + regexp('/.*')]

Version-Release number of selected component (if applicable):

libguestfs at least as far back as 1.16 and probably further,
when used with augeas >= 0.10.

How reproducible:

100%

Steps to Reproduce:
1. Run the attached script.

Actual results:

If augeas >= 0.10 (we're not sure the precise version) is installed
then it'll print "unknown" at the end:

$ /tmp/inspection-augeas-fail.sh 
/dev/sda1
unknown      <----

That means it failed to get the hostname.

Expected results:

It should print:

/dev/sda1
foobar

Additional info:

Test program demonstrating incorrect use of Augeas:
https://bugzilla.redhat.com/attachment.cgi?id=762465

Similar code in puppet:
https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/augeas/augeas.rb#L176

Upstream change:
https://www.redhat.com/archives/augeas-devel/2011-May/msg00009.html

Documentation for path expressions:
https://github.com/hercules-team/augeas/wiki/Path-expressions
Comment 1 Richard W.M. Jones 2013-06-18 16:31:38 UTC 
Fixed upstream, libguestfs >= 1.23.5.

The following commits are required to fix it:

https://github.com/libguestfs/libguestfs/commit/2ee4d5e059840b518814dd6ce615627fe0a8391d
https://github.com/libguestfs/libguestfs/commit/2343840936c900109b6675cc6e605026443ccf0a

The following commits add enhanced tests:

https://github.com/libguestfs/libguestfs/commit/d7bc1dd92241ed569627b7583a014059afa5fc37
https://github.com/libguestfs/libguestfs/commit/a86cb71fcadbed3881e593b6de9706c03ca57149

In addition you will need Augeas >= 1.0.0, *patched*
to fix bug 904222.
Comment 2 Richard W.M. Jones 2013-06-18 17:02:08 UTC 
Correction:
https://github.com/libguestfs/libguestfs/commit/0ff0454c59ae79d47fadcc4f2837e3bfca7af105
is also needed for enhanced tests.
Comment 3 Richard W.M. Jones 2013-06-18 18:32:46 UTC 
And another one:
https://github.com/libguestfs/libguestfs/commit/d88f6c0ba62d65acf8db074d33109947907ec048
needed for enhanced tests.