975412 – inspection: Augeas expressions are broken with augeas >= 0.10

Bug 975412 - inspection: Augeas expressions are broken with augeas >= 0.10

Summary: inspection: Augeas expressions are broken with augeas >= 0.10

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libguestfs
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Richard W.M. Jones
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	975377
TreeView+	depends on / blocked

Reported:	2013-06-18 12:26 UTC by Richard W.M. Jones
Modified:	2013-06-18 18:32 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-06-18 16:31:38 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
inspection-augeas-fail.sh (476 bytes, application/x-shellscript) 2013-06-18 12:26 UTC, Richard W.M. Jones	no flags	Details
View All

Description Richard W.M. Jones 2013-06-18 12:26:10 UTC

Created attachment 762468 [details]
inspection-augeas-fail.sh

Description of problem:

(Thanks Dominic Cleal for diagnosing this one)

libguestfs currently uses an Augeas expression to limit the
files that get loaded (so Augeas doesn't run out of memory and
cause a DoS when we try to inspect weird guests).  At the
moment what we do is roughly this:

  aug_init ('/', AUG_NO_LOAD)
  aug_rm '/augeas/load//incl[. != "/etc/sysconfig/network"]'
  aug_load

which causes Augeas not to autoload any files, then to delete
all rules which DON'T match the file of interest, then to
proceed with the load.

However in Augeas >= 0.10 'incl' expressions could be globs.
Since the incl expression for /etc/sysconfig/network is a glob,
the above code which does an exact match no longer works.

After discussion we came up with an alternative expression
which works:

/augeas/load/*["/etc/sysconfig/network/" !~ regexp('^') + glob(incl) + regexp('/.*')]

Version-Release number of selected component (if applicable):

libguestfs at least as far back as 1.16 and probably further,
when used with augeas >= 0.10.

How reproducible:

100%

Steps to Reproduce:
1. Run the attached script.

Actual results:

If augeas >= 0.10 (we're not sure the precise version) is installed
then it'll print "unknown" at the end:

$ /tmp/inspection-augeas-fail.sh 
/dev/sda1
unknown      <----

That means it failed to get the hostname.

Expected results:

It should print:

/dev/sda1
foobar

Additional info:

Test program demonstrating incorrect use of Augeas:
https://bugzilla.redhat.com/attachment.cgi?id=762465

Similar code in puppet:
https://github.com/puppetlabs/puppet/blob/master/lib/puppet/provider/augeas/augeas.rb#L176

Upstream change:
https://www.redhat.com/archives/augeas-devel/2011-May/msg00009.html

Documentation for path expressions:
https://github.com/hercules-team/augeas/wiki/Path-expressions

Comment 1 Richard W.M. Jones 2013-06-18 16:31:38 UTC

Fixed upstream, libguestfs >= 1.23.5.

The following commits are required to fix it:

https://github.com/libguestfs/libguestfs/commit/2ee4d5e059840b518814dd6ce615627fe0a8391d
https://github.com/libguestfs/libguestfs/commit/2343840936c900109b6675cc6e605026443ccf0a

The following commits add enhanced tests:

https://github.com/libguestfs/libguestfs/commit/d7bc1dd92241ed569627b7583a014059afa5fc37
https://github.com/libguestfs/libguestfs/commit/a86cb71fcadbed3881e593b6de9706c03ca57149

In addition you will need Augeas >= 1.0.0, *patched*
to fix bug 904222.

Comment 2 Richard W.M. Jones 2013-06-18 17:02:08 UTC

Correction:
https://github.com/libguestfs/libguestfs/commit/0ff0454c59ae79d47fadcc4f2837e3bfca7af105
is also needed for enhanced tests.

Comment 3 Richard W.M. Jones 2013-06-18 18:32:46 UTC

And another one:
https://github.com/libguestfs/libguestfs/commit/d88f6c0ba62d65acf8db074d33109947907ec048
needed for enhanced tests.

Note You need to log in before you can comment on or make changes to this bug.