From ed645ad8a01bdf25ead337bd3ea46277a93c5452 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Apr 10 2018 05:43:22 +0000 Subject: import pcp-3.12.2-5.el7 --- diff --git a/.gitignore b/.gitignore index d22a71b..0879f46 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ -SOURCES/pcp-3.11.8.src.tar.gz -SOURCES/pcp-webjs-3.11.8.src.tar.gz -SOURCES/vector-1.1.0.tar.gz +SOURCES/pcp-3.12.2.src.tar.gz +SOURCES/pcp-webapp-blinkenlights-1.0.0.tar.gz +SOURCES/pcp-webapp-grafana-1.9.1-2.tar.gz +SOURCES/pcp-webapp-graphite-0.9.10.tar.gz +SOURCES/pcp-webapp-vector-1.1.2.tar.gz diff --git a/.pcp.metadata b/.pcp.metadata index b8c5f28..889a361 100644 --- a/.pcp.metadata +++ b/.pcp.metadata @@ -1,3 +1,5 @@ -bab944a0874b89bd1f29c9a135270848f3683a57 SOURCES/pcp-3.11.8.src.tar.gz -d0507dcb9e816df1211357b5e3bb525f0f45bdca SOURCES/pcp-webjs-3.11.8.src.tar.gz -687b20283d4aee6c5494341843cb7ff01c393459 SOURCES/vector-1.1.0.tar.gz +9d9ad460d7e521106195d039cf7c0c4113617330 SOURCES/pcp-3.12.2.src.tar.gz +7241116259edb86888e8db16d6b0717279523a22 SOURCES/pcp-webapp-blinkenlights-1.0.0.tar.gz +9fbce28ae069f9d1fb1408093a1d4303c5d60322 SOURCES/pcp-webapp-grafana-1.9.1-2.tar.gz +05f083a4cddff47cf25ce50a27c20aaccad0dbcb SOURCES/pcp-webapp-graphite-0.9.10.tar.gz +efb0b9994ef963af291e21aad8d0d46a3aee2cfc SOURCES/pcp-webapp-vector-1.1.2.tar.gz diff --git a/SOURCES/logmeta.patch b/SOURCES/logmeta.patch new file mode 100644 index 0000000..c2c96b8 --- /dev/null +++ b/SOURCES/logmeta.patch @@ -0,0 +1,82 @@ +diff -Naurp pcp-3.12.2.orig/src/pmlogextract/pmlogextract.c pcp-3.12.2/src/pmlogextract/pmlogextract.c +--- pcp-3.12.2.orig/src/pmlogextract/pmlogextract.c 2017-10-03 07:46:36.000000000 +1100 ++++ pcp-3.12.2/src/pmlogextract/pmlogextract.c 2017-11-29 14:07:06.674837371 +1100 +@@ -1108,6 +1108,7 @@ nextmeta(void) + { + int i; + int j; ++ int type; + int want; + int numeof = 0; + int sts; +@@ -1158,10 +1159,12 @@ againmeta: + continue; + } + ++ type = ntohl(iap->pb[META][1]); ++ + /* pmDesc entries, if not seen before & wanted, + * then append to desc list + */ +- if (ntohl(iap->pb[META][1]) == TYPE_DESC) { ++ if (type == TYPE_DESC) { + pmid = ntoh_pmID(iap->pb[META][2]); + + /* if ml is defined, then look for pmid in the list +@@ -1194,7 +1197,7 @@ againmeta: + goto againmeta; + } + } +- else if (ntohl(iap->pb[META][1]) == TYPE_INDOM) { ++ else if (type == TYPE_INDOM) { + /* if ml is defined, then look for instance domain in the list + * if indom is not in the list then discard it immediately + */ +@@ -1227,15 +1230,25 @@ againmeta: + goto againmeta; + } + } +- else if (ntohl(iap->pb[META][1]) == 3 /*TYPE_LABEL*/) { +- /* discard this optional metadata, not supported */ ++ else if (type == 3 /*TYPE_LABEL*/) { ++ if (pmDebugOptions.logmeta) ++ fprintf(stderr, "%s: Warning: %s\n", ++ pmProgname, pmErrStr(PM_ERR_NYI)); ++ free(iap->pb[META]); ++ iap->pb[META] = NULL; ++ goto againmeta; ++ } ++ else if (type == 4 /*TYPE_TEXT*/) { ++ if (pmDebugOptions.logmeta) ++ fprintf(stderr, "%s: Warning: %s\n", ++ pmProgname, pmErrStr(PM_ERR_NYI)); + free(iap->pb[META]); + iap->pb[META] = NULL; + goto againmeta; + } + else { + fprintf(stderr, "%s: Error: unrecognised meta data type: %d\n", +- pmProgname, (int)ntohl(iap->pb[META][1])); ++ pmProgname, type); + abandon_extract(); + } + +diff -Naurp pcp-3.12.2.orig/src/pmlogrewrite/pmlogrewrite.c pcp-3.12.2/src/pmlogrewrite/pmlogrewrite.c +--- pcp-3.12.2.orig/src/pmlogrewrite/pmlogrewrite.c 2017-10-03 07:46:36.000000000 +1100 ++++ pcp-3.12.2/src/pmlogrewrite/pmlogrewrite.c 2017-11-29 14:06:25.421841627 +1100 +@@ -1220,7 +1220,14 @@ main(int argc, char **argv) + do_indom(); + } + else if (stsmeta == 3 /*TYPE_LABEL*/) { +- ; /* silently ignore optional metadata */ ++ if (pmDebugOptions.logmeta) ++ fprintf(stderr, "%s: Warning: %s\n", ++ pmProgname, pmErrStr(PM_ERR_NYI)); ++ } ++ else if (stsmeta == 4 /*TYPE_TEXT*/) { ++ if (pmDebugOptions.logmeta) ++ fprintf(stderr, "%s: Warning: %s\n", ++ pmProgname, pmErrStr(PM_ERR_NYI)); + } + else { + fprintf(stderr, "%s: Error: unrecognised meta data type: %d\n", diff --git a/SOURCES/rhbz1211432.patch b/SOURCES/rhbz1211432.patch deleted file mode 100644 index e214a81..0000000 --- a/SOURCES/rhbz1211432.patch +++ /dev/null @@ -1,430 +0,0 @@ -Author: Lukas Berk -Date: Fri Apr 21 17:41:41 2017 -0400 - - Add zeroconf rpm subpackage - - fedora.spec - packaging, nfsclient .Needinstall, set pmlogger to 10s - pcp.spec.in - ditto - GNUmakefiles - subdirectory work - atop-proc - pmlogconf for atop/proc metrics - nfsclient - pmlogconf for nfsclient metrics - xfs-perdev - pmlogconf for logging xfs.perdev metrics - -diff --git a/src/GNUmakefile b/src/GNUmakefile -index 0c3579f..ee8d5d6 100644 ---- a/src/GNUmakefile -+++ b/src/GNUmakefile -@@ -106,6 +106,7 @@ OTHER_SUBDIRS = \ - pmpython \ - derived \ - selinux \ -+ zeroconf \ - # - - SUBDIRS = \ -diff --git a/src/pmlogconf/GNUmakefile b/src/pmlogconf/GNUmakefile -index 42e563c..4de5ed9 100644 ---- a/src/pmlogconf/GNUmakefile -+++ b/src/pmlogconf/GNUmakefile -@@ -15,7 +15,7 @@ - TOPDIR = ../.. - include $(TOPDIR)/src/include/builddefs - --SUBDIRS = v1.0 platform disk sgi memory cpu kernel filesystem networking tools -+SUBDIRS = v1.0 platform disk sgi memory cpu kernel filesystem networking tools zeroconf - - default: makefiles pmlogconf.sh pmlogconf-setup.sh - -diff --git a/src/pmlogconf/zeroconf/GNUmakefile b/src/pmlogconf/zeroconf/GNUmakefile -new file mode 100644 -index 0000000..ecf8521 ---- /dev/null -+++ b/src/pmlogconf/zeroconf/GNUmakefile -@@ -0,0 +1,41 @@ -+# -+# Copyright (c) 2017 Red Hat. -+# -+# This program is free software; you can redistribute it and/or modify it -+# under the terms of the GNU General Public License as published by the -+# Free Software Foundation; either version 2 of the License, or (at your -+# option) any later version. -+# -+# This program is distributed in the hope that it will be useful, but -+# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -+# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License -+# for more details. -+# -+ -+TOPDIR = ../../.. -+include $(TOPDIR)/src/include/builddefs -+include localdefs -+ -+WORKDIR := $(shell pwd) -+GROUP := $(shell basename $(WORKDIR)) -+GROUPDIR = $(PCP_VAR_DIR)/config/pmlogconf -+ -+LDIRT = GNUmakefile -+ -+DEFAULT = $(FILES) -+ -+LSRCFILES = localdefs $(DEFAULT) -+ -+CONFIGS = $(subst "./","",$(DEFAULT)) -+ -+default_pcp: $(DEFAULT) -+ -+install_pcp: install -+ -+install: default_pcp -+ $(INSTALL) -d $(GROUPDIR)/$(GROUP) -+ @for f in $(CONFIGS); do \ -+ $(INSTALL) -m 644 $$f $(GROUPDIR)/$(GROUP)/$$f; \ -+ done -+ -+include $(BUILDRULES) -diff --git a/src/pmlogconf/zeroconf/atop-proc b/src/pmlogconf/zeroconf/atop-proc -new file mode 100644 -index 0000000..11da450 ---- /dev/null -+++ b/src/pmlogconf/zeroconf/atop-proc -@@ -0,0 +1,44 @@ -+#pmlogconf-setup 2.0 -+ident per-process metrics used by the atop command for zeroconf subpackage -+probe kernel.uname.sysname ~ Linux ? include : exclude -+delta 10 seconds -+ -+ proc.psinfo.cmd -+ proc.psinfo.sname -+ proc.psinfo.ppid -+ proc.psinfo.minflt -+ proc.psinfo.maj_flt -+ proc.psinfo.utime -+ proc.psinfo.stime -+ proc.psinfo.priority -+ proc.psinfo.nice -+ proc.psinfo.start_time -+ proc.psinfo.vsize -+ proc.psinfo.rss -+ proc.psinfo.processor -+ proc.psinfo.rt_priority -+ proc.psinfo.policy -+ proc.psinfo.threads -+ proc.psinfo.tgid -+ proc.psinfo.pid -+ proc.namespaces.envid -+ proc.id.uid -+ proc.id.euid -+ proc.id.suid -+ proc.id.fsuid -+ proc.id.gid -+ proc.id.egid -+ proc.id.sgid -+ proc.id.fsgid -+ proc.memory.vmdata -+ proc.memory.vmstack -+ proc.memory.vmexe -+ proc.memory.vmlib -+ proc.memory.vmswap -+ proc.io.read_bytes -+ proc.io.write_bytes -+ proc.io.cancelled_write_bytes -+ proc.id.uid_nm -+ proc.id.euid_nm -+ proc.id.suid_nm -+ proc.id.fsuid_nm -diff --git a/src/pmlogconf/zeroconf/localdefs b/src/pmlogconf/zeroconf/localdefs -new file mode 100644 -index 0000000..8a43fb1 ---- /dev/null -+++ b/src/pmlogconf/zeroconf/localdefs -@@ -0,0 +1,4 @@ -+FILES = \ -+ atop-proc \ -+ xfs-perdev -+# END -\ No newline at end of file -diff --git a/src/pmlogconf/zeroconf/nfsclient b/src/pmlogconf/zeroconf/nfsclient -new file mode 100644 -index 0000000..919a1ec ---- /dev/null -+++ b/src/pmlogconf/zeroconf/nfsclient -@@ -0,0 +1,7 @@ -+#pmlogconf-setup 2.0 -+ident metrics used by zeroconf setup -+probe kernel.uname.sysname ~ Linux ? include : exclude -+delta 10 seconds -+ -+# nfsclient metrics -+ nfsclient -diff --git a/src/pmlogconf/zeroconf/xfs-perdev b/src/pmlogconf/zeroconf/xfs-perdev -new file mode 100644 -index 0000000..0a4f4e1 ---- /dev/null -+++ b/src/pmlogconf/zeroconf/xfs-perdev -@@ -0,0 +1,7 @@ -+#pmlogconf-setup 2.0 -+ident metrics used by zeroconf setup -+probe kernel.uname.sysname ~ Linux ? include : exclude -+delta 10 seconds -+ -+# xfs.perdev metrics -+ xfs.perdev -commit 28a557d44aabc0817296c402a7315c489f54d9a0 -Author: Nathan Scott -Date: Tue May 9 14:30:25 2017 +1000 - - zeroconf: enable pmie and dmthin monitoring, minor fixes - - Ensure nfsclient metrics are included in the install, add - specfile deps on needed PMDAs, use PCP_SYSCONFIG_DIR the - same way across spec files, and handle scripting via %post - so we're sure all installed bits are available for use. - - This incorporates feedback from mgoodwin and tbowling @RH. - -diff --git a/src/pmlogconf/zeroconf/localdefs b/src/pmlogconf/zeroconf/localdefs -index 8a43fb1..e2e11a0 100644 ---- a/src/pmlogconf/zeroconf/localdefs -+++ b/src/pmlogconf/zeroconf/localdefs -@@ -1,4 +1,5 @@ - FILES = \ - atop-proc \ -+ nfsclient \ - xfs-perdev --# END -\ No newline at end of file -+# END -commit 8f496f54c1a1902b2829de7508fba7c97d8b592a -Author: Nathan Scott -Date: Thu May 11 15:51:07 2017 +1000 - - build: fix pmlogconf/zeroconf makefile (auto-)creation - - Also only descend into zeroconf pmlogconf subdir if we will - be packaging it up intentionally (i.e. for RPM platforms), - otherwise it becomes the default instead of opt-in for non- - RPM platforms. - -diff --git a/src/pmlogconf/.gitignore b/src/pmlogconf/.gitignore -index 8d59d51..b5f297c 100644 ---- a/src/pmlogconf/.gitignore -+++ b/src/pmlogconf/.gitignore -@@ -9,3 +9,4 @@ sgi/GNUmakefile - sqlserver/GNUmakefile - v1.0/GNUmakefile - tools/GNUmakefile -+zeroconf/GNUmakefile -diff --git a/src/pmlogconf/GNUmakefile b/src/pmlogconf/GNUmakefile -index 4de5ed9..edfbcbc 100644 ---- a/src/pmlogconf/GNUmakefile -+++ b/src/pmlogconf/GNUmakefile -@@ -15,7 +15,15 @@ - TOPDIR = ../.. - include $(TOPDIR)/src/include/builddefs - --SUBDIRS = v1.0 platform disk sgi memory cpu kernel filesystem networking tools zeroconf -+SUBDIRS = v1.0 platform disk sgi memory cpu kernel filesystem networking tools -+ -+# Only evaluate zeroconf configurations if we package that. -+# Otherwise zeroconf will be installed for all platforms as -+# the default, which is not what we want (it's opt-in). -+# -+ifneq "$(RPMPROG)" "" -+SUBDIRS += zeroconf -+endif - - default: makefiles pmlogconf.sh pmlogconf-setup.sh - -diff --git a/src/pmlogconf/zeroconf/GNUmakefile b/src/pmlogconf/zeroconf/GNUmakefile -deleted file mode 100644 -index ecf8521..0000000 ---- a/src/pmlogconf/zeroconf/GNUmakefile -+++ /dev/null -@@ -1,41 +0,0 @@ --# --# Copyright (c) 2017 Red Hat. --# --# This program is free software; you can redistribute it and/or modify it --# under the terms of the GNU General Public License as published by the --# Free Software Foundation; either version 2 of the License, or (at your --# option) any later version. --# --# This program is distributed in the hope that it will be useful, but --# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY --# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License --# for more details. --# -- --TOPDIR = ../../.. --include $(TOPDIR)/src/include/builddefs --include localdefs -- --WORKDIR := $(shell pwd) --GROUP := $(shell basename $(WORKDIR)) --GROUPDIR = $(PCP_VAR_DIR)/config/pmlogconf -- --LDIRT = GNUmakefile -- --DEFAULT = $(FILES) -- --LSRCFILES = localdefs $(DEFAULT) -- --CONFIGS = $(subst "./","",$(DEFAULT)) -- --default_pcp: $(DEFAULT) -- --install_pcp: install -- --install: default_pcp -- $(INSTALL) -d $(GROUPDIR)/$(GROUP) -- @for f in $(CONFIGS); do \ -- $(INSTALL) -m 644 $$f $(GROUPDIR)/$(GROUP)/$$f; \ -- done -- --include $(BUILDRULES) -commit e574b2680e7360b02743fd5e69bd4c84f546426c -Author: Mark Goodwin -Date: Fri May 26 17:12:30 2017 +1000 - - pmlogconf: add proc.psinfo.guest_time to atop-proc for pcp-pidstat - -diff --git a/src/pmlogconf/tools/atop-proc b/src/pmlogconf/tools/atop-proc -index 93230f7..b523ae2 100644 ---- a/src/pmlogconf/tools/atop-proc -+++ b/src/pmlogconf/tools/atop-proc -@@ -12,6 +12,7 @@ force available - proc.psinfo.priority - proc.psinfo.nice - proc.psinfo.start_time -+ proc.psinfo.guest_time - proc.psinfo.vsize - proc.psinfo.rss - proc.psinfo.processor -commit 69a48c619ccb6975a33a4fb30f628e25473e3aee -Author: Mark Goodwin -Date: Fri May 26 17:24:19 2017 +1000 - - pmlogconf: add config for pcp-tapestat - - Also add hinv.ntape to the pcp-summary config. - -diff --git a/src/pmlogconf/tools/pcp-summary b/src/pmlogconf/tools/pcp-summary -index 240d92b..916e16b 100644 ---- a/src/pmlogconf/tools/pcp-summary -+++ b/src/pmlogconf/tools/pcp-summary -@@ -4,6 +4,7 @@ force include - delta once - hinv.ncpu - hinv.ndisk -+ hinv.ntape - hinv.nnode - hinv.physmem - pmda.uname -diff --git a/src/pmlogconf/tools/tapestat b/src/pmlogconf/tools/tapestat -new file mode 100644 -index 0000000..bc4ff2a ---- /dev/null -+++ b/src/pmlogconf/tools/tapestat -@@ -0,0 +1,5 @@ -+#pmlogconf-setup 2.0 -+ident metrics used by the pcp-tapestat(1) command -+probe kernel.uname.sysname ~ Linux ? include : exclude -+ -+ tape.dev -commit b375c50bc22ccceea89236ec06cb84a72284719a -Author: Mark Goodwin -Date: Fri May 26 17:26:14 2017 +1000 - - pmlogconf: add numastat, pidstat and tapestat to the zeroconf config - - Adding numastat, pidstat and tapestat to zeroconf doesn't add much - extra logging and we get better tool coverage for replaying default - zeroconf archives. We're already logging atop-proc and add one more - metric so pidstat can also replay. - - QA to follow using qa/archives/pcp-zeroconf. - -diff --git a/src/pmlogconf/zeroconf/atop-proc b/src/pmlogconf/zeroconf/atop-proc -index 11da450..f56525d 100644 ---- a/src/pmlogconf/zeroconf/atop-proc -+++ b/src/pmlogconf/zeroconf/atop-proc -@@ -12,6 +12,7 @@ delta 10 seconds - proc.psinfo.stime - proc.psinfo.priority - proc.psinfo.nice -+ proc.psinfo.guest_time - proc.psinfo.start_time - proc.psinfo.vsize - proc.psinfo.rss -diff --git a/src/pmlogconf/zeroconf/localdefs b/src/pmlogconf/zeroconf/localdefs -index e2e11a0..253977b 100644 ---- a/src/pmlogconf/zeroconf/localdefs -+++ b/src/pmlogconf/zeroconf/localdefs -@@ -1,5 +1,8 @@ - FILES = \ - atop-proc \ - nfsclient \ -- xfs-perdev -+ xfs-perdev \ -+ pidstat-summary \ -+ tapestat \ -+ numastat - # END -diff --git a/src/pmlogconf/zeroconf/numastat b/src/pmlogconf/zeroconf/numastat -new file mode 100644 -index 0000000..9e2289c ---- /dev/null -+++ b/src/pmlogconf/zeroconf/numastat -@@ -0,0 +1,6 @@ -+#pmlogconf-setup 2.0 -+ident metrics used by the pcp-numastat(1) command -+probe kernel.uname.sysname ~ Linux ? include : exclude -+delta 10 seconds -+ -+ mem.numa.alloc -diff --git a/src/pmlogconf/zeroconf/pidstat-summary b/src/pmlogconf/zeroconf/pidstat-summary -new file mode 100644 -index 0000000..7dd00cc ---- /dev/null -+++ b/src/pmlogconf/zeroconf/pidstat-summary -@@ -0,0 +1,10 @@ -+#pmlogconf-setup 2.0 -+ident metrics sampled once by the pcp-pidstat(1) command -+probe kernel.uname.sysname ~ Linux ? include : exclude -+delta once -+ hinv.ncpu -+ kernel.uname.nodename -+ kernel.uname.release -+ kernel.uname.sysname -+ kernel.uname.machine -+ mem.physmem -diff --git a/src/pmlogconf/zeroconf/tapestat b/src/pmlogconf/zeroconf/tapestat -new file mode 100644 -index 0000000..f0f0394 ---- /dev/null -+++ b/src/pmlogconf/zeroconf/tapestat -@@ -0,0 +1,6 @@ -+#pmlogconf-setup 2.0 -+ident metrics used by the pcp-tapestat(1) command -+probe kernel.uname.sysname ~ Linux ? include : exclude -+delta 10 seconds -+ -+ tape.dev -commit 359a4b024dd22457f80aac7f47bd045aa4e73b5b -Author: Nathan Scott -Date: Mon May 29 17:02:05 2017 +1000 - - build: add pmlogconf tools/tapestat into the build - -diff --git a/src/pmlogconf/tools/localdefs b/src/pmlogconf/tools/localdefs -index 75abda3..7595e5d 100644 ---- a/src/pmlogconf/tools/localdefs -+++ b/src/pmlogconf/tools/localdefs -@@ -24,6 +24,7 @@ FILES = \ - pmstat \ - sar \ - sar-summary \ -+ tapestat \ - uptime \ - vector \ - vector-summary \ diff --git a/SOURCES/rhbz1419490.patch b/SOURCES/rhbz1419490.patch deleted file mode 100644 index 1f6cef9..0000000 Binary files a/SOURCES/rhbz1419490.patch and /dev/null differ diff --git a/SOURCES/rhbz1425880.patch b/SOURCES/rhbz1425880.patch deleted file mode 100644 index d672b3c..0000000 --- a/SOURCES/rhbz1425880.patch +++ /dev/null @@ -1,340 +0,0 @@ -diff -Naurp pcp-3.11.8-orig/configure pcp-3.11.8/configure ---- pcp-3.11.8-orig/configure 2017-02-14 07:37:52.000000000 +1100 -+++ pcp-3.11.8/configure 2017-03-01 17:09:48.238622561 +1100 -@@ -960,6 +960,7 @@ with_books_brand - with_papi - with_perfevent - with_pmdajson -+with_pmdanutcracker - with_pmdasnmp - with_manager - with_webapi -@@ -1675,6 +1676,7 @@ Optional Packages: - installation prefix, or a pkgconfig module name. - --with-perfevent enable perfevent pmda (default is on) - --with-pmdajson enable JSON pmda (default is on) -+ --with-pmdanutcracker enable nutcracker pmda (default is on) - --with-pmdasnmp enable SNMP pmda (default is on) - --with-manager enable daemon manager (default is on) - --with-webapi enable REST API daemon (default is on) -@@ -2797,6 +2799,15 @@ fi - - - -+# Check whether --with-pmdanutcracker was given. -+if test "${with_pmdanutcracker+set}" = set; then : -+ withval=$with_pmdanutcracker; do_pmdanutcracker=$withval; PACKAGE_CONFIGURE="$PACKAGE_CONFIGURE --with-pmdanutcracker=$withval" -+else -+ do_pmdanutcracker=check -+fi -+ -+ -+ - # Check whether --with-pmdasnmp was given. - if test "${with_pmdasnmp+set}" = set; then : - withval=$with_pmdasnmp; do_pmdasnmp=$withval; PACKAGE_CONFIGURE="$PACKAGE_CONFIGURE --with-pmdasnmp=$withval" -@@ -7560,15 +7571,22 @@ $as_echo "no" >&6; }; fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking if the nutcracker PMDA should be included" >&5 - $as_echo_n "checking if the nutcracker PMDA should be included... " >&6; } - pmda_nutcracker=false --if test "$have_perl" = true --then -- if $pcp_perl_prog -e "use YAML::XS" >/dev/null 2>&1 -+if test "x$do_pmdanutcracker" = "xyes"; then : -+ pmda_nutcracker=true -+fi -+if test "x$do_pmdanutcracker" = "xcheck"; then : -+ -+ if test "$have_perl" = true - then -- if $pcp_perl_prog -e "use JSON" >/dev/null 2>&1 -+ if $pcp_perl_prog -e "use YAML::XS" >/dev/null 2>&1 - then -- pmda_nutcracker=true -+ if $pcp_perl_prog -e "use JSON" >/dev/null 2>&1 -+ then -+ pmda_nutcracker=true -+ fi - fi - fi -+ - fi - PMDA_NUTCRACKER=$pmda_nutcracker - -diff -Naurp pcp-3.11.8-orig/configure.ac pcp-3.11.8/configure.ac ---- pcp-3.11.8-orig/configure.ac 2017-02-14 07:37:52.000000000 +1100 -+++ pcp-3.11.8/configure.ac 2017-03-01 17:09:35.495740047 +1100 -@@ -148,6 +148,12 @@ AC_ARG_WITH([pmdajson], - [do_pmdajson=$withval; PACKAGE_CONFIGURE="$PACKAGE_CONFIGURE --with-pmdajson=$withval"], - [do_pmdajson=check]) - -+AC_ARG_WITH([pmdanutcracker], -+ [AC_HELP_STRING([--with-pmdanutcracker], -+ [enable nutcracker pmda (default is on)])], -+ [do_pmdanutcracker=$withval; PACKAGE_CONFIGURE="$PACKAGE_CONFIGURE --with-pmdanutcracker=$withval"], -+ [do_pmdanutcracker=check]) -+ - AC_ARG_WITH([pmdasnmp], - [AC_HELP_STRING([--with-pmdasnmp], - [enable SNMP pmda (default is on)])], -@@ -1060,17 +1066,20 @@ if $pmda_bind2; then AC_MSG_RESULT(yes); - - AC_MSG_CHECKING([if the nutcracker PMDA should be included]) - pmda_nutcracker=false --if test "$have_perl" = true --then -- dnl rpm build for nutcracker PMDA needs Perl JSON YAML::XS -- if $pcp_perl_prog -e "use YAML::XS" >/dev/null 2>&1 -+AS_IF([test "x$do_pmdanutcracker" = "xyes"], [pmda_nutcracker=true]) -+AS_IF([test "x$do_pmdanutcracker" = "xcheck"], [ -+ dnl build for nutcracker PMDA needs perl JSON & YAML::XS modules -+ if test "$have_perl" = true - then -- if $pcp_perl_prog -e "use JSON" >/dev/null 2>&1 -+ if $pcp_perl_prog -e "use YAML::XS" >/dev/null 2>&1 - then -- pmda_nutcracker=true -+ if $pcp_perl_prog -e "use JSON" >/dev/null 2>&1 -+ then -+ pmda_nutcracker=true -+ fi - fi - fi --fi -+]) - AC_SUBST(PMDA_NUTCRACKER, $pmda_nutcracker) - if $pmda_nutcracker; then AC_MSG_RESULT(yes); else AC_MSG_RESULT(no); fi - -diff -Naurp pcp-3.11.8-orig/src/libpcp/src/interp.c pcp-3.11.8/src/libpcp/src/interp.c ---- pcp-3.11.8-orig/src/libpcp/src/interp.c 2017-02-15 10:57:23.000000000 +1100 -+++ pcp-3.11.8/src/libpcp/src/interp.c 2017-03-01 17:09:35.495740047 +1100 -@@ -699,7 +699,7 @@ __pmLogFetchInterp(__pmContext *ctxp, in - int i; - int j; - int k; -- int sts, sts1; -+ int sts; - double t_req; - double t_this; - pmResult *rp; -@@ -810,6 +810,8 @@ __pmLogFetchInterp(__pmContext *ctxp, in - /* enumerate all the instances from the domain underneath */ - int *instlist = NULL; - char **namelist = NULL; -+ int hsts = 0; -+ - if (pcp->desc.indom == PM_INDOM_NULL) { - sts = 1; - if ((instlist = (int *)malloc(sizeof(int))) == NULL) { -@@ -821,10 +823,10 @@ __pmLogFetchInterp(__pmContext *ctxp, in - sts = pmGetInDomArchive(pcp->desc.indom, &instlist, &namelist); - if (sts > 0) { - /* Pre allocate enough space for the instance domain. */ -- sts1 = __pmHashPreAlloc(sts, &pcp->hc); -- if (sts1 < 0) { -+ hsts = __pmHashPreAlloc(sts, &pcp->hc); -+ if (hsts < 0) { - free(pcp); -- return sts1; -+ goto done_icp; - } - } - } -@@ -839,16 +841,19 @@ __pmLogFetchInterp(__pmContext *ctxp, in - SET_UNDEFINED(icp->s_prior); - SET_UNDEFINED(icp->s_next); - icp->v_prior.pval = icp->v_next.pval = NULL; -- sts1 = __pmHashAdd((int)instlist[i], (void *)icp, &pcp->hc); -- if (sts1 < 0) { -+ hsts = __pmHashAdd((int)instlist[i], (void *)icp, &pcp->hc); -+ if (hsts < 0) { - free(icp); -- return sts1; -+ goto done_icp; - } - } -+ done_icp: - if (instlist != NULL) - free(instlist); - if (namelist != NULL) - free(namelist); -+ if (hsts < 0) -+ return hsts; /* hash allocation error */ - } - } - else -diff -Naurp pcp-3.11.8-orig/src/libpcp_web/src/http_client.c pcp-3.11.8/src/libpcp_web/src/http_client.c ---- pcp-3.11.8-orig/src/libpcp_web/src/http_client.c 2017-01-16 17:02:10.000000000 +1100 -+++ pcp-3.11.8/src/libpcp_web/src/http_client.c 2017-03-01 17:09:02.208046949 +1100 -@@ -283,7 +283,7 @@ http_client_connect(http_client *cp) - snprintf(path, sizeof(path), "/%.*s/%.*s", - up->field_data[UF_HOST].len, url + up->field_data[UF_HOST].off, - up->field_data[UF_PATH].len, url + up->field_data[UF_PATH].off); -- path[length] = '\0'; -+ path[length - 1] = '\0'; - // __pmNotifyErr(LOG_DEBUG, "host: %.*s\n", up->field_data[UF_HOST].len, url + up->field_data[UF_HOST].off); - // __pmNotifyErr(LOG_DEBUG, "UF_path: %.*s\n", up->field_data[UF_PATH].len, url + up->field_data[UF_PATH].off); - // __pmNotifyErr(LOG_DEBUG, "path: %s\n", path); -@@ -448,7 +448,7 @@ reset_url_location(const char *tourl, si - if (*suffix != '/') - *str++ = '/'; - strncat(str, suffix, length); -- url[size] = '\0'; -+ url[size - 1] = '\0'; - http_parser_parse_url(url, size, 0, fromp); - - if (pmDebug & DBG_TRACE_HTTP) -@@ -569,7 +569,7 @@ http_should_client_redirect(http_client - static int - http_client_response(http_client *cp) - { -- size_t bytes, total; -+ size_t bytes; - char buffer[BUFSIZ]; - int sts; - static int setup; -@@ -599,7 +599,6 @@ http_client_response(http_client *cp) - return sts ? sts : -EAGAIN; - } - bytes = http_parser_execute(&cp->parser, &settings, buffer, sts); -- total += bytes; - - } while (bytes && !(cp->flags & F_MESSAGE_END)); - -diff -Naurp pcp-3.11.8-orig/src/libpcp_web/src/json_helpers.c pcp-3.11.8/src/libpcp_web/src/json_helpers.c ---- pcp-3.11.8-orig/src/libpcp_web/src/json_helpers.c 2017-01-17 07:34:15.000000000 +1100 -+++ pcp-3.11.8/src/libpcp_web/src/json_helpers.c 2017-03-01 17:08:57.532090060 +1100 -@@ -354,7 +354,8 @@ json_pointer_to_index(const char *json, - pointer_final[j++] = strdup(json_pointer); - } else { - pointer_final[j++] = strdup(pointer_part); -- while (pointer_part && j < sizeof(pointer_final)) { -+ while (pointer_part && -+ j < sizeof(pointer_final)/sizeof(*pointer_final)) { - if ((pointer_part = strtok(NULL, "/")) != NULL) - pointer_final[j++] = strdup(pointer_part); - } -diff -Naurp pcp-3.11.8-orig/src/pmdas/docker/docker.c pcp-3.11.8/src/pmdas/docker/docker.c ---- pcp-3.11.8-orig/src/pmdas/docker/docker.c 2017-01-19 08:22:49.000000000 +1100 -+++ pcp-3.11.8/src/pmdas/docker/docker.c 2017-03-01 17:08:57.532090060 +1100 -@@ -69,6 +69,7 @@ static json_metric_desc version_metrics[ - { "GitCommit", 0, 1, {0}, ""}, - { "Arch", 0, 1, {0}, ""}, - { "ApiVersion", 0, 1, {0}, ""}, -+ { "BuildVersion", 0, 1, {0}, ""} - }; - #define version_metrics_size ARRAY_SIZE(version_metrics) - -diff -Naurp pcp-3.11.8-orig/src/pmdas/linux/ipc.c pcp-3.11.8/src/pmdas/linux/ipc.c ---- pcp-3.11.8-orig/src/pmdas/linux/ipc.c 2017-01-25 18:00:10.000000000 +1100 -+++ pcp-3.11.8/src/pmdas/linux/ipc.c 2017-03-01 17:09:00.694060908 +1100 -@@ -197,9 +197,6 @@ refresh_shm_stat(pmInDom shm_indom) - if (sts < 0) { - fprintf(stderr, "Warning: %s: pmdaCacheStore(%s, %s): %s\n", - __FUNCTION__, shmid, shm_stat->shm_key, pmErrStr(sts)); -- free(shm_stat->shm_key); -- free(shm_stat->shm_owner); -- free(shm_stat->shm_status); - free(shm_stat); - } - } -@@ -266,8 +263,6 @@ refresh_msg_que(pmInDom msg_indom) - if (sts < 0) { - fprintf(stderr, "Warning: %s: pmdaCacheStore(%s, %s): %s\n", - __FUNCTION__, msgid, msg_que->msg_key, pmErrStr(sts)); -- free(msg_que->msg_key); -- free(msg_que->msg_owner); - free(msg_que); - } - } -@@ -336,8 +331,6 @@ refresh_sem_array(pmInDom sem_indom) - if (sts < 0) { - fprintf(stderr, "Warning: %s: pmdaCacheStore(%s, %s): %s\n", - __FUNCTION__, semid, sem_arr->sem_key, pmErrStr(sts)); -- free(sem_arr->sem_key); -- free(sem_arr->sem_owner); - free(sem_arr); - } - } -diff -Naurp pcp-3.11.8-orig/src/pmdas/linux/proc_buddyinfo.c pcp-3.11.8/src/pmdas/linux/proc_buddyinfo.c ---- pcp-3.11.8-orig/src/pmdas/linux/proc_buddyinfo.c 2017-02-14 16:41:34.000000000 +1100 -+++ pcp-3.11.8/src/pmdas/linux/proc_buddyinfo.c 2017-03-01 17:09:03.206037748 +1100 -@@ -148,9 +148,13 @@ refresh_proc_buddyinfo(proc_buddyinfo_t - proc_buddyinfo->buddys = (buddyinfo_t *)realloc(proc_buddyinfo->buddys, proc_buddyinfo->nbuddys * sizeof(buddyinfo_t)); - for (j=0; j < MAX_ORDER; j++) { - proc_buddyinfo->buddys[i+j].id = next_id++; -- strcpy(proc_buddyinfo->buddys[i+j].node_name, node_name); -- strcpy(proc_buddyinfo->buddys[i+j].zone_name, zone_name); -- sprintf(proc_buddyinfo->buddys[i+j].id_name, "%s::order%u::%s", zone_name, j, node_name); -+ strncpy(proc_buddyinfo->buddys[i+j].node_name, node_name, -+ sizeof(proc_buddyinfo->buddys[i+j].node_name) - 1); -+ strncpy(proc_buddyinfo->buddys[i+j].zone_name, zone_name, -+ sizeof(proc_buddyinfo->buddys[i+j].zone_name) - 1); -+ snprintf(proc_buddyinfo->buddys[i+j].id_name, -+ sizeof(proc_buddyinfo->buddys[i+j].id_name), -+ "%s::order%u::%s", zone_name, j, node_name); - } - } - /* update data */ -diff -Naurp pcp-3.11.8-orig/src/pmdas/linux/sysfs_tapestats.c pcp-3.11.8/src/pmdas/linux/sysfs_tapestats.c ---- pcp-3.11.8-orig/src/pmdas/linux/sysfs_tapestats.c 2017-02-13 15:43:35.000000000 +1100 -+++ pcp-3.11.8/src/pmdas/linux/sysfs_tapestats.c 2017-03-01 17:09:03.206037748 +1100 -@@ -81,7 +81,7 @@ refresh_sysfs_tapestats(pmInDom tape_ind - return sts; - } - memset(device, 0, sizeof(tapedev_t)); -- strncpy(device->devname, sysdev, sizeof(device->devname)); -+ strncpy(device->devname, sysdev, sizeof(device->devname) - 1); - #if PCP_DEBUG - if (pmDebug & DBG_TRACE_LIBPMDA) - fprintf(stderr, "refresh_sysfs_tapestats: added new tape device \"%s\"\n", sysdev); -diff -Naurp pcp-3.11.8-orig/src/pmdas/mmv/src/mmv.c pcp-3.11.8/src/pmdas/mmv/src/mmv.c ---- pcp-3.11.8-orig/src/pmdas/mmv/src/mmv.c 2017-01-27 09:16:52.000000000 +1100 -+++ pcp-3.11.8/src/pmdas/mmv/src/mmv.c 2017-03-01 17:09:04.612024785 +1100 -@@ -774,13 +774,11 @@ mmv_lookup_item1(int item, unsigned int - mmv_disk_value_t *v = s->values; - int mi, vi, sts = PM_ERR_PMID; - -- m1 = s->metrics1; - for (mi = 0; mi < s->mcnt1; mi++) { - if (m1[mi].item != item) - continue; - - sts = PM_ERR_INST; -- v = s->values; - for (vi = 0; vi < s->vcnt; vi++) { - mmv_disk_metric_t *mt = (mmv_disk_metric_t *) - ((char *)s->addr + v[vi].metric); -diff -Naurp pcp-3.11.8-orig/src/pmdas/nutcracker/GNUmakefile pcp-3.11.8/src/pmdas/nutcracker/GNUmakefile ---- pcp-3.11.8-orig/src/pmdas/nutcracker/GNUmakefile 2017-01-25 15:58:00.000000000 +1100 -+++ pcp-3.11.8/src/pmdas/nutcracker/GNUmakefile 2017-03-01 17:09:35.495740047 +1100 -@@ -26,20 +26,23 @@ MAN_SECTION = 1 - MAN_PAGES = pmda$(IAM).$(MAN_SECTION) - MAN_DEST = $(PCP_MAN_DIR)/man$(MAN_SECTION) - --default: check_domain -+default_pcp default: build-me $(MAN_PAGES) - - include $(BUILDRULES) - --install: default -+ifeq "$(PMDA_NUTCRACKER)" "true" -+build-me: check_domain -+install_pcp install: default - $(INSTALL) -m 755 -d $(PMDADIR) - $(INSTALL) -m 755 Install Remove $(PMDADIR) - $(INSTALL) -m 644 pmda$(IAM).pl $(PMDADIR)/pmda$(IAM).pl - $(INSTALL) -m 644 nutcracker.conf $(PMDADIR)/nutcracker.conf - @$(INSTALL_MAN) -- --default_pcp : default -- --install_pcp : install -+else -+build-me: -+install_pcp install: default -+ @$(INSTALL_MAN) -+endif - - check_domain: ../../pmns/stdpmid - $(DOMAIN_PERLRULE) diff --git a/SOURCES/rhbz1432086.patch b/SOURCES/rhbz1432086.patch deleted file mode 100644 index 62f676d..0000000 --- a/SOURCES/rhbz1432086.patch +++ /dev/null @@ -1,444 +0,0 @@ -diff -Naurp pcp-3.11.8-orig/configure pcp-3.11.8/configure ---- pcp-3.11.8-orig/configure 2017-02-14 07:37:52.000000000 +1100 -+++ pcp-3.11.8/configure 2017-04-21 10:51:36.986013923 +1000 -@@ -703,6 +703,7 @@ fmt_pid - rdynamic_flag - pcp_selinux_dir - enable_selinux -+SEINFO - enable_manager - enable_webapi - HAVE_CAIRO -@@ -11084,16 +11085,63 @@ rm -f core conftest.err conftest.$ac_obj - fi - - -+for ac_prog in seinfo -+do -+ # Extract the first word of "$ac_prog", so it can be a program name with args. -+set dummy $ac_prog; ac_word=$2 -+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -+$as_echo_n "checking for $ac_word... " >&6; } -+if ${ac_cv_prog_SEINFO+:} false; then : -+ $as_echo_n "(cached) " >&6 -+else -+ if test -n "$SEINFO"; then -+ ac_cv_prog_SEINFO="$SEINFO" # Let the user override the test. -+else -+as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -+for as_dir in $PATH -+do -+ IFS=$as_save_IFS -+ test -z "$as_dir" && as_dir=. -+ for ac_exec_ext in '' $ac_executable_extensions; do -+ if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then -+ ac_cv_prog_SEINFO="$ac_prog" -+ $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 -+ break 2 -+ fi -+done -+ done -+IFS=$as_save_IFS -+ -+fi -+fi -+SEINFO=$ac_cv_prog_SEINFO -+if test -n "$SEINFO"; then -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SEINFO" >&5 -+$as_echo "$SEINFO" >&6; } -+else -+ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -+$as_echo "no" >&6; } -+fi -+ -+ -+ test -n "$SEINFO" && break -+done -+ -+ - enable_selinux=false - if test "x$do_selinux" != "xno"; then : - -- if test -f /usr/share/selinux/devel/Makefile -+for makefile in /usr/share/selinux/devel/Makefile -+do -+# if test -f /usr/share/selinux/devel/Makefile -a "x$SEINFO" != "x" -+ if test -f "$makefile" -a "x$SEINFO" != "x" - then - enable_selinux=true - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 - $as_echo "no" >&6; } - fi -+done - - fi - -diff -Naurp pcp-3.11.8-orig/configure.ac pcp-3.11.8/configure.ac ---- pcp-3.11.8-orig/configure.ac 2017-02-14 07:37:52.000000000 +1100 -+++ pcp-3.11.8/configure.ac 2017-04-21 10:51:36.986013923 +1000 -@@ -1849,14 +1849,19 @@ AS_IF([test "x$do_manager" != "xno"], [ - ]) - AC_SUBST(enable_manager) - -+AC_CHECK_PROGS(SEINFO, seinfo) -+AC_SUBST(SEINFO) - enable_selinux=false - AS_IF([test "x$do_selinux" != "xno"], [ -- if test -f /usr/share/selinux/devel/Makefile -+for makefile in /usr/share/selinux/devel/Makefile -+do -+ if test -f "$makefile" -a "x$SEINFO" != "x" - then - enable_selinux=true - else - AC_MSG_RESULT(no) - fi -+done - ]) - AC_SUBST(enable_selinux) - AC_SUBST(pcp_selinux_dir) -diff -Naurp pcp-3.11.8-orig/qa/917 pcp-3.11.8/qa/917 ---- pcp-3.11.8-orig/qa/917 2017-02-16 08:57:57.000000000 +1100 -+++ pcp-3.11.8/qa/917 2017-04-21 11:00:54.404877472 +1000 -@@ -17,10 +17,15 @@ policy_name="pcpupstream" - policy_file="$PCP_VAR_DIR/selinux/$policy_name.pp" - which sedismod >/dev/null 2>&1 || _notrun "sedismod tool not installed (module disassembly)" - which semodule >/dev/null 2>&1 || _notrun "semodule tool not installed" -+which seinfo >/dev/null 2>&1 || _notrun "seinfo tool not installed" - [ -f "$policy_file" ] || _notrun "upstream policy package not installed" - - container_runtime_t=`seinfo -t | grep "container_runtime_t$"` - nsfs_t=`seinfo -t | grep 'nsfs_t$'` -+docker_var_lib_t=`seinfo -t | grep "docker_var_lib_t$"` -+svirt_lxc_net_t=`seinfo -t | grep "svirt_lxc_net_t$"` -+systemd_systemctl_exec_t=`seinfo -t | grep "systemd_systemctl_exec_t$"` -+systemd_systemctl_unit_file_t=`seinfo -t | grep "systemd_systemctl_unit_file_t$"` - - _filter_semodule() - { -@@ -39,11 +44,24 @@ _filter_outfile() - { - awk -v container_t="$container_runtime_t" \ - -v nsfs_t="$nsfs_t" \ -+ -v docker_var_lib_t="$docker_var_lib_t" \ -+ -v svirt_lxc_net_t="$svirt_lxc_net_t" \ -+ -v class_status="$class_status" \ -+ -v systemd_systemctl_exec_t="$systemd_systemctl_exec_t" \ -+ -v systemd_systemctl_unit_file_t="$systemd_systemctl_unit_file_t" \ - '{ - if (container_t == "" && /container_runtime_t/) - !/container_runtime_t/ ; - else if (nsfs_t == "" && /nsfs_t/) - !/nsfs_t/ ; -+ if (docker_var_lib_t == "" && /docker_var_lib_t/) -+ !/docker_var_lib_t/ ; -+ else if (svirt_lxc_net_t == "" && /svirt_lxc_net_t/) -+ !/svirt_lxc_net_t/ ; -+ else if (systemd_systemctl_exec_t == "" && /systemd_systemctl_exec_t/) -+ !/systemd_systemctl_exec_t/ ; -+ else if (systemd_systemctl_unit_file_t == "" && /systemd_systemctl_unit_file_t/) -+ !/systemd_systemctl_unit_file_t/ ; - else - print; - }' > $seq.out -diff -Naurp pcp-3.11.8-orig/qa/917.out.in pcp-3.11.8/qa/917.out.in ---- pcp-3.11.8-orig/qa/917.out.in 2017-02-16 08:57:57.000000000 +1100 -+++ pcp-3.11.8/qa/917.out.in 2017-04-21 11:01:41.981353982 +1000 -@@ -11,8 +11,6 @@ decl 1: - allow [init_t] [pcp_var_lib_t] : [file] { append create execute execute_no_trans getattr ioctl open read write }; - allow [init_t] [pcp_var_lib_t] : [lnk_file] { read }; - allow [init_t] [tmp_t] : [file] { open }; -- allow [pcp_pmcd_t] [docker_var_lib_t] : [dir] { search }; -- allow [pcp_pmcd_t] [container_runtime_t] : [unix_stream_socket] { connectto }; - allow [pcp_pmcd_t] [svirt_sandbox_file_t] : [dir] { open read search }; - allow [pcp_pmcd_t] [svirt_lxc_net_t] : [dir] { open read search }; - allow [pcp_pmcd_t] [sysctl_net_t] : [dir] { search }; -@@ -21,7 +19,10 @@ decl 1: - allow [pcp_pmcd_t] [debugfs_t] : [dir] { read }; - allow [pcp_pmcd_t] [debugfs_t] : [file] { getattr ioctl open read }; - allow [pcp_pmcd_t] [pcp_pmie_exec_t] : [file] { execute execute_no_trans open read }; -- allow [pcp_pmcd_t] self : [capability] { net_admin }; -+ allow [pcp_pmcd_t] self : [capability] { sys_ptrace net_admin }; -+ allow [pcp_pmcd_t] [initctl_t] : [fifo_file] { getattr }; -+ allow [pcp_pmcd_t] [proc_kcore_t] : [file] { getattr }; -+ allow [pcp_pmcd_t] self : [cap_userns] { sys_ptrace }; - allow [pcp_pmcd_t] self : [capability] { sys_chroot }; - allow [pcp_pmcd_t] [nsfs_t] : [file] { open read }; - allow [pcp_pmcd_t] [pcp_log_t] : [fifo_file] { getattr read open }; -@@ -29,9 +30,14 @@ decl 1: - allow [pcp_pmlogger_t] self : [capability] { kill }; - allow [pcp_pmlogger_t] [init_t] : [system] { status }; - allow [pcp_pmlogger_t] self : [capability] { sys_ptrace }; -+ allow [pcp_pmlogger_t] [unconfined_t] : [process] { signal }; - allow [pcp_pmie_t] [hostname_exec_t] : [file] { execute execute_no_trans getattr open read }; - allow [pcp_pmie_t] self : [capability] { kill net_admin chown }; -+ allow [pcp_pmie_t] [init_t] : [unix_stream_socket] { connectto }; -+ allow [pcp_pmie_t] [initrc_var_run_t] : [file] { lock open read }; - allow [pcp_pmie_t] [init_t] : [system] { status }; -+ allow [pcp_pmie_t] [systemd_unit_file_t] : [file] { getattr }; -+ allow [pcp_pmie_t] [systemd_systemctl_exec_t] : [file] { execute execute_no_trans open read }; - allow [pcp_pmcd_t] [configfs_t] : [dir] { open read search }; - allow [pcp_pmcd_t] [configfs_t] : [file] { getattr open read }; - allow [pcp_pmcd_t] [configfs_t] : [lnk_file] { read getattr }; -@@ -41,4 +47,6 @@ decl 1: - allow [pcp_pmcd_t] [modules_object_t] : [dir] { search }; - allow [pcp_pmcd_t] [modules_object_t] : [file] { getattr open read }; - allow [pcp_pmcd_t] [saslauthd_t] : [unix_stream_socket] { connectto }; -+ allow [pcp_pmproxy_t] self : [capability] { net_admin }; -+ allow [pcp_pmproxy_t] [sysctl_net_t] : [file] { getattr open read }; - -diff -Naurp pcp-3.11.8-orig/src/selinux/GNUlocaldefs pcp-3.11.8/src/selinux/GNUlocaldefs ---- pcp-3.11.8-orig/src/selinux/GNUlocaldefs 2017-02-15 10:47:24.000000000 +1100 -+++ pcp-3.11.8/src/selinux/GNUlocaldefs 2017-04-21 11:00:54.404877472 +1000 -@@ -1,9 +1,41 @@ - ifneq "$(shell seinfo -t | grep 'container_runtime_t$$' | sed -e 's/^[ \t]*//')" "" - PCP_CONTAINER_RUNTIME_T="type container_runtime_t\;" - PCP_CONTAINER_RUNTIME_RULE="allow pcp_pmcd_t container_runtime_t:unix_stream_socket connectto\;" -+else -+PCP_CONTAINER_RUNTIME_RULE="" -+PCP_CONTAINER_RUNTIME_T="" - endif - - ifneq "$(shell seinfo -t | grep 'nsfs_t$$' | sed -e 's/^[ \t]*//')" "" - PCP_NSFS_T="type nsfs_t\; \# filesys.used" - PCP_NSFS_RULE="allow pcp_pmcd_t nsfs_t:file { read open }\;" - endif -+ -+ifneq "$(shell seinfo -t | grep 'docker_var_lib_t$$' | sed -e 's/^[ \t]*//')" "" -+PCP_DOCKER_VAR_LIB_T="type docker_var_lib_t\;" -+PCP_DOCKER_VAR_LIB_RULE="allow pcp_pmcd_t docker_var_lib_t:dir search\;" -+else -+PCP_DOCKER_VAR_LIB_T="" -+PCP_DOCKER_VAR_LIB_RULE="" -+endif -+ -+ifneq "$(shell seinfo -t | grep 'svirt_lxc_net_t$$' | sed -e 's/^[ \t]*//')" "" -+PCP_SVIRT_LXC_NET_T="type svirt_lxc_net_t\;" -+PCP_SVIRT_LXC_NET_RULE="allow pcp_pmcd_t svirt_lxc_net_t:dir { open read search }\;" -+endif -+ -+ifneq "$(shell seinfo -x --class=system | grep 'status')" "" -+PCP_CLASS_STATUS="class system status\;" -+PCP_PMLOGGER_SYSTEM_STATUS_RULE="allow pcp_pmlogger_t init_t:system status\;" -+PCP_PMIE_SYSTEM_STATUS_RULE="allow pcp_pmie_t init_t:system status\;" -+endif -+ -+ifneq "$(shell seinfo -t | grep 'systemd_unit_file_t$$' | sed -e 's/^[ \t]*//')" "" -+PCP_SYSTEMCTL_UNIT_FILE_T="type systemd_unit_file_t\;" -+PCP_SYSTEMCTL_UNIT_FILE_RULE="allow pcp_pmie_t systemd_unit_file_t:file getattr\;" -+endif -+ -+ifneq "$(shell seinfo -t | grep 'systemd_systemctl_exec_t$$' | sed -e 's/^[ \t]*//')" "" -+PCP_SYSTEMCTL_EXEC_T="type systemd_systemctl_exec_t\;" -+PCP_SYSTEMCTL_EXEC_RULE="allow pcp_pmie_t systemd_systemctl_exec_t:file { execute execute_no_trans open read }\;" -+endif -\ No newline at end of file -diff -Naurp pcp-3.11.8-orig/src/selinux/GNUmakefile pcp-3.11.8/src/selinux/GNUmakefile ---- pcp-3.11.8-orig/src/selinux/GNUmakefile 2017-02-15 10:47:24.000000000 +1100 -+++ pcp-3.11.8/src/selinux/GNUmakefile 2017-04-21 11:00:54.404877472 +1000 -@@ -14,10 +14,15 @@ - - TOPDIR = ../.. - include $(TOPDIR)/src/include/builddefs -+ifeq "$(ENABLE_SELINUX)" "true" - -include ./GNUlocaldefs -+endif - IAM = pcpupstream - --LDIRT = $(IAM).cil $(IAM).pp $(IAM).mod $(IAM).te tmp -+LDIRT = $(IAM).cil $(IAM).pp $(IAM).mod $(IAM).te tmp \ -+ $(IAM)-docker.cil $(IAM)-docker.pp $(IAM)-docker.mod \ -+ $(IAM)-container.cil $(IAM)-container.pp $(IAM)-container.mod -+ - - default: build-me - -@@ -32,6 +37,17 @@ $(IAM).te: $(IAM).te.in - -e 's;@PCP_CONTAINER_RUNTIME_RULE@;'$(PCP_CONTAINER_RUNTIME_RULE)';' \ - -e 's;@PCP_NSFS_T@;'$(PCP_NSFS_T)';' \ - -e 's;@PCP_NSFS_RULE@;'$(PCP_NSFS_RULE)';' \ -+ -e 's;@PCP_DOCKER_VAR_LIB_T@;'$(PCP_DOCKER_VAR_LIB_T)';' \ -+ -e 's;@PCP_DOCKER_VAR_LIB_RULE@;'$(PCP_DOCKER_VAR_LIB_RULE)';' \ -+ -e 's;@PCP_CLASS_STATUS@;'$(PCP_CLASS_STATUS)';' \ -+ -e 's;@PCP_PMLOGGER_SYSTEM_STATUS_RULE@;'$(PCP_PMLOGGER_SYSTEM_STATUS_RULE)';' \ -+ -e 's;@PCP_PMIE_SYSTEM_STATUS_RULE@;'$(PCP_PMIE_SYSTEM_STATUS_RULE)';' \ -+ -e 's;@PCP_SVIRT_LXC_NET_T@;'$(PCP_SVIRT_LXC_NET_T)';' \ -+ -e 's;@PCP_SVIRT_LXC_NET_RULE@;'$(PCP_SVIRT_LXC_NET_RULE)';' \ -+ -e 's;@PCP_SYSTEMCTL_UNIT_FILE_T@;'$(PCP_SYSTEMCTL_UNIT_FILE_T)';' \ -+ -e 's;@PCP_SYSTEMCTL_UNIT_FILE_RULE@;'$(PCP_SYSTEMCTL_UNIT_FILE_RULE)';' \ -+ -e 's;@PCP_SYSTEMCTL_EXEC_T@;'$(PCP_SYSTEMCTL_EXEC_T)';' \ -+ -e 's;@PCP_SYSTEMCTL_EXEC_RULE@;'$(PCP_SYSTEMCTL_EXEC_RULE)';' \ - - # END - make -f /usr/share/selinux/devel/Makefile -@@ -40,6 +56,15 @@ install: default - $(INSTALL) -m 755 -d $(PCP_SELINUX_DIR) - $(INSTALL) -m 664 $(IAM).pp $(PCP_SELINUX_DIR)/$(IAM).pp - $(INSTALL) -m 664 $(IAM).te $(PCP_SELINUX_DIR)/$(IAM).te -+ifneq "$(PCP_DOCKER_VAR_LIB)" "" -+ $(INSTALL) -m 664 $(IAM)-docker.pp $(PCP_SELINUX_DIR)/$(IAM)-docker.pp -+ $(INSTALL) -m 664 $(IAM)-docker.te $(PCP_SELINUX_DIR)/$(IAM)-docker.te -+endif -+ifneq "$(PCP_CONTAINER_RUNTIME_T)" "" -+ $(INSTALL) -m 664 $(IAM)-container.pp $(PCP_SELINUX_DIR)/$(IAM)-container.pp -+ $(INSTALL) -m 664 $(IAM)-container.te $(PCP_SELINUX_DIR)/$(IAM)-container.te -+endif -+ - else - build-me: - install: -diff -Naurp pcp-3.11.8-orig/src/selinux/pcpupstream-container.te pcp-3.11.8/src/selinux/pcpupstream-container.te ---- pcp-3.11.8-orig/src/selinux/pcpupstream-container.te 1970-01-01 10:00:00.000000000 +1000 -+++ pcp-3.11.8/src/selinux/pcpupstream-container.te 2017-04-21 11:00:19.549260992 +1000 -@@ -0,0 +1,9 @@ -+module pcpupstream-container 1.0; -+ -+require { -+ type container_runtime_t; -+ type pcp_pmcd_t; -+ class unix_stream_socket connectto; -+} -+ -+allow pcp_pmcd_t container_runtime_t:unix_stream_socket connectto; -diff -Naurp pcp-3.11.8-orig/src/selinux/pcpupstream-docker.te pcp-3.11.8/src/selinux/pcpupstream-docker.te ---- pcp-3.11.8-orig/src/selinux/pcpupstream-docker.te 1970-01-01 10:00:00.000000000 +1000 -+++ pcp-3.11.8/src/selinux/pcpupstream-docker.te 2017-04-21 11:00:19.555260927 +1000 -@@ -0,0 +1,9 @@ -+module pcpupstream-docker 1.0; -+ -+require { -+ type docker_var_lib_t; -+ type pcp_pmcd_t; -+ class dir { search }; -+} -+ -+allow pcp_pmcd_t docker_var_lib_t:dir search; -diff -Naurp pcp-3.11.8-orig/src/selinux/pcpupstream.te.in pcp-3.11.8/src/selinux/pcpupstream.te.in ---- pcp-3.11.8-orig/src/selinux/pcpupstream.te.in 2017-02-15 10:47:24.000000000 +1100 -+++ pcp-3.11.8/src/selinux/pcpupstream.te.in 2017-04-21 11:01:41.981353982 +1000 -@@ -1,20 +1,20 @@ - module pcpupstream 1.0; - - require { -- @PCP_CONTAINER_RUNTIME_T@ - type pcp_pmcd_t; - type user_home_t; - type tmp_t; - type init_t; -+ type initrc_var_run_t; - type kmsg_device_t; - type pcp_pmlogger_t; - type pcp_var_lib_t; - type pcp_log_t; - type pcp_pmie_t; -+ type pcp_pmproxy_t; - type sysctl_net_t; - type svirt_sandbox_file_t; -- type svirt_lxc_net_t; -- type docker_var_lib_t; -+ @PCP_SVIRT_LXC_NET_T@ - type hostname_exec_t; - type ldconfig_exec_t; # pcp-lio - type configfs_t; # pcp-lio -@@ -23,15 +23,19 @@ require { - type modules_object_t; # pcp-lio - @PCP_NSFS_T@ - type pcp_pmie_exec_t; # pmdasummary -+ @PCP_SYSTEMCTL_UNIT_FILE_T@ -+ @PCP_SYSTEMCTL_EXEC_T@ - type debugfs_t; # pmdalibvirt -+ type unconfined_t; #RHBZ1443632 - class lnk_file { read getattr }; -- class file { append create execute execute_no_trans getattr ioctl open read write }; -+ class file { append create execute execute_no_trans getattr ioctl lock open read write }; - class dir { add_name open read search write getattr }; - class unix_stream_socket connectto; - class capability { kill sys_ptrace net_admin chown sys_chroot }; - class chr_file { open write }; - class fifo_file { getattr read open }; # qa/455 -- class system status; -+ class process signal; #RHBZ1443632 -+ @PCP_CLASS_STATUS@ - } - - #============= init_t ============== -@@ -57,13 +61,8 @@ allow init_t tmp_t:file open; - - #============= pcp_pmcd_t ============== - --#!!!! The file '/run/docker.sock' is mislabeled on your system. --#!!!! Fix with $ restorecon -R -v /run/docker.sock --#!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode' --allow pcp_pmcd_t docker_var_lib_t:dir search; --@PCP_CONTAINER_RUNTIME_RULE@ - allow pcp_pmcd_t svirt_sandbox_file_t:dir { open read search }; --allow pcp_pmcd_t svirt_lxc_net_t:dir { open read search }; -+@PCP_SVIRT_LXC_NET_RULE@ - allow pcp_pmcd_t sysctl_net_t:dir search; - allow pcp_pmcd_t sysctl_net_t:file { getattr open read }; - allow pcp_pmcd_t user_home_t:file { execute execute_no_trans open read }; -@@ -73,7 +72,8 @@ allow pcp_pmcd_t pcp_pmie_exec_t:file { - - - #type=AVC msg=audit(1463754714.313:316): avc: denied { net_admin } for pid=2335 comm="pmcd" capability=12 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability permissive=1 --allow pcp_pmcd_t self:capability net_admin; -+#type=AVC msg=audit(1491576442.619:1738169): avc: denied { sys_ptrace } for pid=15205 comm="pmdaproc" capability=19 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability permissive=0 -+allow pcp_pmcd_t self:capability { net_admin sys_ptrace }; - - #type=AVC msg=audit(1485899863.032:3024): avc: denied { sys_chroot } for pid=25873 comm="pmdalinux" capability=18 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability - allow pcp_pmcd_t self:capability sys_chroot; -@@ -86,16 +86,38 @@ allow pcp_pmcd_t pcp_log_t:fifo_file { g - #============= pcp_pmlogger_t ============== - allow pcp_pmlogger_t kmsg_device_t:chr_file { open write }; - allow pcp_pmlogger_t self:capability kill; --allow pcp_pmlogger_t init_t:system status; -+@PCP_PMLOGGER_SYSTEM_STATUS_RULE@ - - # type=AVC msg=audit(1484681301.380:174695): avc: denied { sys_ptrace } for pid=21962 comm="ps" capability=19 scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=system_u:system_r:pcp_pmlogger_t:s0 tclass=capability - # src/pmlogger/pmnewlog.sh - allow pcp_pmlogger_t self:capability sys_ptrace; - -+## type=AVC msg=audit(04/19/2017 16:57:40.120:11020) : avc: denied { signal } for pid=28414 comm=pmsignal scontext=system_u:system_r:pcp_pmlogger_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process -+ -+allow pcp_pmlogger_t unconfined_t:process signal; -+ - #============= pcp_pmie_t ============== - allow pcp_pmie_t hostname_exec_t:file { execute execute_no_trans getattr open read }; - allow pcp_pmie_t self:capability { chown kill net_admin }; --allow pcp_pmie_t init_t:system status; -+ -+#type=AVC msg=audit(04/05/2017 10:24:45.084:351) : avc: denied { connectto } for pid=8941 comm=systemctl path=/run/systemd/private scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket -+allow pcp_pmie_t init_t:unix_stream_socket connectto; -+ -+#type=AVC msg=audit(04/05/2017 10:24:45.081:348) : avc: denied { open } for pid=8939 comm=runlevel path=/run/utmp dev="tmpfs" ino=12392 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 10:24:45.081:348) : avc: denied { read } for pid=8939 comm=runlevel name=utmp dev="tmpfs" ino=12392 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 10:24:45.081:349) : avc: denied { lock } for pid=8939 comm=runlevel path=/run/utmp dev="tmpfs" ino=12392 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:initrc_var_run_t:s0 tclass=file -+allow pcp_pmie_t initrc_var_run_t:file { lock open read }; -+ -+@PCP_PMIE_SYSTEM_STATUS_RULE@ -+ -+#type=AVC msg=audit(04/05/2017 10:24:45.082:350) : avc: denied { getattr } for pid=8870 comm=pmie path=/usr/lib/systemd/system/pmie.service dev="dm-1" ino=4203 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=file -+@PCP_SYSTEMCTL_UNIT_FILE_RULE@ -+#type=AVC msg=audit(04/05/2017 09:58:27.740:304) : avc: denied { read } for pid=7073 comm=pmie name=systemctl dev="dm-1" ino=3402 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 09:58:27.740:303) : avc: denied { execute } for pid=7073 comm=pmie name=systemctl dev="dm-1" ino=3402 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 09:58:27.742:305) : avc: denied { getattr } for pid=7004 comm=pmie path=/usr/lib/systemd/system/pmie.service dev="dm-1" ino=4203 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:systemd_unit_file_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 10:24:45.080:347) : avc: denied { execute_no_trans } for pid=8939 comm=pmie path=/usr/bin/systemctl dev="dm-1" ino=3402 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 10:24:45.080:347) : avc: denied { open } for pid=8939 comm=pmie path=/usr/bin/systemctl dev="dm-1" ino=3402 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:systemd_systemctl_exec_t:s0 tclass=file -+@PCP_SYSTEMCTL_EXEC_RULE@ - - #============= pmda-lio ============== - allow pcp_pmcd_t configfs_t:dir { open read search }; -@@ -111,3 +133,12 @@ allow pcp_pmcd_t modules_object_t:dir se - allow pcp_pmcd_t modules_object_t:file { getattr open read }; - - allow pcp_pmcd_t saslauthd_t:unix_stream_socket connectto; -+ -+#============= pcp_pmproxy_t ============== -+#type=AVC msg=audit(04/05/2017 09:54:13.548:281) : avc: denied { net_admin } for pid=6669 comm=pmproxy capability=net_admin scontext=system_u:system_r:pcp_pmproxy_t:s0 tcontext=system_u:system_r:pcp_pmproxy_t:s0 tclass=capability -+allow pcp_pmproxy_t self:capability net_admin; -+ -+#type=AVC msg=audit(04/05/2017 09:54:13.548:281) : avc: denied { read } for pid=6669 comm=pmproxy name=disable_ipv6 dev="proc" ino=9994 scontext=system_u:system_r:pcp_pmproxy_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 10:24:45.771:356) : avc: denied { open } for pid=9669 comm=pmproxy path=/proc/sys/net/ipv6/conf/all/disable_ipv6 dev="proc" ino=9994 scontext=system_u:system_r:pcp_pmproxy_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file -+#type=AVC msg=audit(04/05/2017 10:24:45.771:357) : avc: denied { getattr } for pid=9669 comm=pmproxy path=/proc/sys/net/ipv6/conf/all/disable_ipv6 dev="proc" ino=9994 scontext=system_u:system_r:pcp_pmproxy_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file -+allow pcp_pmproxy_t sysctl_net_t:file { getattr open read }; diff --git a/SOURCES/rhbz1488116.patch b/SOURCES/rhbz1488116.patch new file mode 100644 index 0000000..bb69891 --- /dev/null +++ b/SOURCES/rhbz1488116.patch @@ -0,0 +1,218 @@ +commit c79e4b8a8a365e0f7d2455f8f4e3288e07ce9bed +Author: Lukas Berk +Date: Mon Jan 15 16:24:29 2018 -0500 + + build: selinux, update policy package on upgrade + + Don't just install new policy package on a fresh install, we need to + make sure it's up to date on an upgrade as well. Also, version match + the policy package to ensure changes on specific releases are visible + via diagnostic tools like semodule. + +diff --git a/src/selinux/GNUmakefile b/src/selinux/GNUmakefile +index 6635c8e7b..6c993ee4c 100644 +--- a/src/selinux/GNUmakefile ++++ b/src/selinux/GNUmakefile +@@ -61,6 +61,7 @@ $(IAM).te: $(IAM).te.in + -e 's;@PCP_SOCK_FILE_GETATTR@;'$(PCP_SOCK_FILE_GETATTR)';' \ + -e 's;@PCP_SOCK_FILE_GETATTR_RULE@;'$(PCP_SOCK_FILE_GETATTR_RULE)';' \ + -e 's;@PCP_HOSTNAME_EXEC_MAP@;'$(PCP_HOSTNAME_EXEC_MAP)';' \ ++ -e 's;@PACKAGE_VERSION@;'$(PACKAGE_VERSION)';' \ + + # END + make -f /usr/share/selinux/devel/Makefile +diff --git a/src/selinux/pcpupstream.te.in b/src/selinux/pcpupstream.te.in +index e6a504c8a..56376ac4e 100644 +--- a/src/selinux/pcpupstream.te.in ++++ b/src/selinux/pcpupstream.te.in +@@ -1,4 +1,4 @@ +-module pcpupstream 1.0; ++module pcpupstream @PACKAGE_VERSION@; + + require { + type pcp_pmcd_t; + +commit 50d0d55ffe2c9af2a73bb55a8bf826c68b97ce1e +Author: Lukas Berk +Date: Thu Jan 25 21:22:57 2018 -0500 + + selinux: rhbz1488116, rhbz1533080 rules, update qa + +diff --git a/qa/917 b/qa/917 +index 9fc3a993e..3afa39b8c 100755 +--- a/qa/917 ++++ b/qa/917 +@@ -37,6 +37,7 @@ class_status=`seinfo -x --class=system | grep "status$"` + sock_file_getattr=`seinfo -x --class=sock_file | grep "getattr$"` + hostname_exec_map_a=`seinfo -x --class=file | grep "map$"` + hostname_exec_map_b=`seinfo -x --common=file 2>/dev/null | grep "map$"` ++container_runtime_tmpfs_t=`seinfo -t | grep "container_runtime_tmpfs_t$"` + + _filter_semodule() + { +@@ -54,6 +55,7 @@ _filter_sedismod1() + _filter_outfile() + { + awk -v container_t="$container_runtime_t" \ ++ -v container_tmpfs_t="$container_runtime_tmpfs_t" \ + -v nsfs_t="$nsfs_t" \ + -v docker_var_lib_t="$docker_var_lib_t" \ + -v svirt_lxc_net_t="$svirt_lxc_net_t" \ +@@ -70,8 +72,10 @@ _filter_outfile() + -v hostname_exec_map_a="$hostname_exec_map_a" \ + -v hostname_exec_map_b="$hostname_exec_map_b" \ + '{ +- if (container_t == "" && /container_runtime_t/) +- !/container_runtime_t/ ; ++ if (container_t == "" && /container_runtime_t /) ++ !/container_runtime_t / ; ++ else if (container_tmpfs_t == "" && /container_runtime_tmpfs_t/) ++ !/container_runtime_tmpfs_t/ ; + else if (nsfs_t == "" && /nsfs_t/) + !/nsfs_t/ ; + else if (docker_var_lib_t == "" && /docker_var_lib_t/) +diff --git a/qa/917.out.in b/qa/917.out.in +index edd247e25..0c2472d64 100644 +--- a/qa/917.out.in ++++ b/qa/917.out.in +@@ -48,6 +48,12 @@ decl 1: + allow [pcp_pmcd_t] [nfsd_fs_t] : [file] { getattr open read }; + allow [pcp_pmcd_t] [gpmctl_t] : [sock_file] { getattr }; + allow [pcp_pmcd_t] [postfix_spool_t] : [dir] { read }; ++ allow [pcp_pmcd_t] [container_runtime_tmpfs_t] : [dir] { getattr }; ++ allow [pcp_pmcd_t] [unconfined_service_t] : [sem] { associate getattr }; ++ allow [pcp_pmcd_t] [mock_var_lib_t] : [dir] { getattr }; ++ allow [pcp_pmcd_t] [ldconfig_exec_t] : [file] { map }; ++ allow [pcp_pmcd_t] [httpd_t] : [shm] { unix_read associate getattr }; ++ allow [pcp_pmcd_t] [httpd_t] : [sem] { unix_read associate getattr }; + allow [pcp_pmlogger_t] [kmsg_device_t] : [chr_file] { open write }; + allow [pcp_pmlogger_t] self : [capability] { kill }; + allow [pcp_pmlogger_t] [init_t] : [system] { status }; +@@ -68,6 +74,8 @@ decl 1: + allow [pcp_pmie_t] [unconfined_t] : [unix_stream_socket] { connectto }; + allow [pcp_pmie_t] [pcp_pmie_exec_t] : [file] { execute_no_trans }; + allow [pcp_pmie_t] [proc_net_t] : [file] { read }; ++ allow [pcp_pmie_t] [kmsg_device_t] : [chr_file] { open }; ++ allow [pcp_pmie_t] [pcp_pmcd_t] : [process] { signal }; + allow [pcp_pmcd_t] [configfs_t] : [dir] { open read search }; + allow [pcp_pmcd_t] [configfs_t] : [file] { getattr open read }; + allow [pcp_pmcd_t] [configfs_t] : [lnk_file] { read getattr }; +diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs +index 65c296611..7d36cb6a2 100644 +--- a/src/selinux/GNUlocaldefs ++++ b/src/selinux/GNUlocaldefs +@@ -66,4 +66,5 @@ endif + + ifeq "$(PCP_SELINUX_HOSTNAME_EXEC_MAP)" "true" + PCP_HOSTNAME_EXEC_MAP=" map " ++PCP_LDCONFIG_EXEC_MAP_RULE="allow pcp_pmcd_t ldconfig_exec_t:file map\;" + endif +\ No newline at end of file +diff --git a/src/selinux/GNUmakefile b/src/selinux/GNUmakefile +index 6c993ee4c..343178d38 100644 +--- a/src/selinux/GNUmakefile ++++ b/src/selinux/GNUmakefile +@@ -61,6 +61,7 @@ $(IAM).te: $(IAM).te.in + -e 's;@PCP_SOCK_FILE_GETATTR@;'$(PCP_SOCK_FILE_GETATTR)';' \ + -e 's;@PCP_SOCK_FILE_GETATTR_RULE@;'$(PCP_SOCK_FILE_GETATTR_RULE)';' \ + -e 's;@PCP_HOSTNAME_EXEC_MAP@;'$(PCP_HOSTNAME_EXEC_MAP)';' \ ++ -e 's;@PCP_LDCONFIG_EXEC_MAP_RULE@;'$(PCP_LDCONFIG_EXEC_MAP_RULE)';' \ + -e 's;@PACKAGE_VERSION@;'$(PACKAGE_VERSION)';' \ + + # END +diff --git a/src/selinux/pcpupstream.te.in b/src/selinux/pcpupstream.te.in +index 56376ac4e..fb14fec96 100644 +--- a/src/selinux/pcpupstream.te.in ++++ b/src/selinux/pcpupstream.te.in +@@ -49,6 +49,12 @@ require { + type gpmctl_t; #RHBZ1517656 + type proc_net_t; #RHBZ1517656 + type postfix_spool_t; #RHBZ1517862 ++ type container_runtime_tmpfs_t; ++ type unconfined_service_t; ++ type mock_var_lib_t; ++ type ldconfig_exec_t; ++ type httpd_t; ++ class sem { unix_read associate getattr }; + class lnk_file { read getattr }; + class file { append create execute execute_no_trans getattr ioctl lock open read write @PCP_HOSTNAME_EXEC_MAP@ }; + class dir { add_name open read search write getattr }; +@@ -112,7 +118,6 @@ allow pcp_pmcd_t proc_kcore_t:file getattr; + #type=AVC msg=audit(1491581538.587:10952): avc: denied { sys_ptrace } for pid=9375 comm="pmdaproc" capability=19 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=cap_userns permissive=1 + @PCP_CAPUSERNS_PTRACE_RULE@ + +- + #type=AVC msg=audit(1485899863.032:3024): avc: denied { sys_chroot } for pid=25873 comm="pmdalinux" capability=18 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability + allow pcp_pmcd_t self:capability sys_chroot; + +@@ -182,6 +187,21 @@ allow pcp_pmcd_t nfsd_fs_t:file { getattr open read }; + + #RHBZ1517862 + allow pcp_pmcd_t postfix_spool_t:dir read; ++ ++allow pcp_pmcd_t container_runtime_tmpfs_t:dir getattr; ++ ++allow pcp_pmcd_t unconfined_service_t:sem { associate getattr }; ++ ++#type=AVC msg=audit(...): avc: denied { getattr } for pid=NNN comm="pmdalinux" path="/var/lib/mock" dev="dm-1" ino=917749 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:mock_var_lib_t:s0 tclass=dir permissive=1 ++allow pcp_pmcd_t mock_var_lib_t:dir getattr; ++ ++#type=AVC msg=audit(...): avc: denied { map } for pid=NNN comm="ldconfig" path="/usr/sbin/ldconfig" dev="dm-1" ino=1052382 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:ldconfig_exec_t:s0 tclass=file permissive=1 ++@PCP_LDCONFIG_EXEC_MAP_RULE@ ++ ++#RHBZ1488116 ++allow pcp_pmcd_t httpd_t:shm { unix_read associate getattr }; ++allow pcp_pmcd_t httpd_t:sem { unix_read associate getattr }; ++ + #============= pcp_pmlogger_t ============== + allow pcp_pmlogger_t kmsg_device_t:chr_file { open write }; + allow pcp_pmlogger_t self:capability kill; +@@ -250,6 +270,11 @@ allow pcp_pmie_t pcp_pmie_exec_t:file execute_no_trans; + #RHBZ1517656 + allow pcp_pmie_t proc_net_t:file read; + ++#type=AVC msg=audit(...): avc: denied { open } for pid=NNN comm="runlevel" path="/dev/kmsg" dev="devtmpfs" ino=1043 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:kmsg_device_t:s0 tclass=chr_file permissive=1 ++allow pcp_pmie_t kmsg_device_t:chr_file open; ++ ++#RHBZ1533080 ++allow pcp_pmie_t pcp_pmcd_t:process signal; + #============= pmda-lio ============== + allow pcp_pmcd_t configfs_t:dir { open read search }; + allow pcp_pmcd_t configfs_t:file { getattr open read }; + +commit 7ab2c18f36f96e73a93892bcabc2a53797aaeb54 +Author: Lukas Berk +Date: Fri Dec 8 10:42:59 2017 -0500 + + selinux: RHBZ1460131 add gettatr, open to pcp_var_lib_t:fifo_file + + adjust qa output + +diff --git a/qa/917.out.in b/qa/917.out.in +index 86805d11a..edd247e25 100644 +--- a/qa/917.out.in ++++ b/qa/917.out.in +@@ -19,7 +19,7 @@ decl 1: + allow [pcp_pmcd_t] [debugfs_t] : [dir] { read }; + allow [pcp_pmcd_t] [debugfs_t] : [file] { getattr ioctl open read }; + allow [pcp_pmcd_t] [pcp_pmie_exec_t] : [file] { execute execute_no_trans open read }; +- allow [pcp_pmcd_t] [pcp_var_lib_t] : [fifo_file] { read unlink }; ++ allow [pcp_pmcd_t] [pcp_var_lib_t] : [fifo_file] { getattr read open unlink }; + allow [pcp_pmcd_t] self : [capability] { sys_ptrace net_admin chown ipc_owner }; + allow [pcp_pmcd_t] [initctl_t] : [fifo_file] { getattr }; + allow [pcp_pmcd_t] [proc_kcore_t] : [file] { getattr }; +diff --git a/src/selinux/pcpupstream.te.in b/src/selinux/pcpupstream.te.in +index 236a0ecf1..e6a504c8a 100644 +--- a/src/selinux/pcpupstream.te.in ++++ b/src/selinux/pcpupstream.te.in +@@ -97,8 +97,7 @@ allow pcp_pmcd_t user_home_t:file { execute execute_no_trans open read }; + allow pcp_pmcd_t debugfs_t:dir read; + allow pcp_pmcd_t debugfs_t:file { getattr ioctl open read }; + allow pcp_pmcd_t pcp_pmie_exec_t:file { execute execute_no_trans open read }; +-allow pcp_pmcd_t pcp_var_lib_t:fifo_file { read unlink }; #RHBZ1460131 +- ++allow pcp_pmcd_t pcp_var_lib_t:fifo_file { getattr open read unlink }; #RHBZ1460131 + #type=AVC msg=audit(1463754714.313:316): avc: denied { net_admin } for pid=2335 comm="pmcd" capability=12 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability permissive=1 + #type=AVC msg=audit(1491576442.619:1738169): avc: denied { sys_ptrace } for pid=15205 comm="pmdaproc" capability=19 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability permissive=0 + #type=AVC msg=audit(1498833776.957:2094): avc: denied { ipc_owner } for pid=21341 comm="pmdalinux" capability=15 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:system_r:pcp_pmcd_t:s0 tclass=capability permissive=0 + diff --git a/SOURCES/rhbz1513503.patch b/SOURCES/rhbz1513503.patch new file mode 100644 index 0000000..48e984c --- /dev/null +++ b/SOURCES/rhbz1513503.patch @@ -0,0 +1,95 @@ +commit dac8621e4d9b70cf5891ba00307dc1c4fdf9013a +Author: Nathan Scott +Date: Wed Oct 25 11:32:46 2017 +1100 + + build: multilib strikes again - updates since autoreconf work + +diff --git a/src/include/pcp/config.h.in b/src/include/pcp/config.h.in +index f9376b8b3..72b4e825e 100644 +--- a/src/include/pcp/config.h.in ++++ b/src/include/pcp/config.h.in +@@ -3,18 +3,6 @@ + /* Define to 1 if `TIOCGWINSZ' requires . */ + #undef GWINSZ_IN_SYS_IOCTL + +-/* sizeof long */ +-#undef HAVE_32BIT_LONG +- +-/* pointer size */ +-#undef HAVE_32BIT_PTR +- +-/* sizeof long */ +-#undef HAVE_64BIT_LONG +- +-/* pointer size */ +-#undef HAVE_64BIT_PTR +- + /* AI_ADDRCONFIG macro */ + #undef HAVE_AI_ADDRCONFIG + +@@ -48,6 +36,9 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_BITS_WORDSIZE_H + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_BOOST_FLYWEIGHT_HPP ++ + /* Define to 1 if you have the `brk' function. */ + #undef HAVE_BRK + +@@ -697,12 +688,6 @@ + /* Define to the version of this package. */ + #undef PACKAGE_VERSION + +-/* sizeof suseconds_t */ +-#undef PM_SIZEOF_SUSECONDS_T +- +-/* sizeof time_t */ +-#undef PM_SIZEOF_TIME_T +- + /* Define as the return type of signal handlers (`int' or `void'). */ + #undef RETSIGTYPE + +diff --git a/src/include/pcp/configsz.h.in b/src/include/pcp/configsz.h.in +index d983b6e38..18d35197a 100644 +--- a/src/include/pcp/configsz.h.in ++++ b/src/include/pcp/configsz.h.in +@@ -1,5 +1,5 @@ + /* +- * Copyright (c) 2014,2016 Red Hat. ++ * Copyright (c) 2014-2017 Red Hat. + * + * This library is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as published +@@ -14,20 +14,28 @@ + #ifndef PCP_CONFIGSZ_H + #define PCP_CONFIGSZ_H + +-/* long and pointer must be either 32 bit or 64 bit */ ++/* sizeof long */ + #undef HAVE_64BIT_LONG ++ ++/* sizeof long */ + #undef HAVE_32BIT_LONG ++ ++/* pointer size */ + #undef HAVE_32BIT_PTR ++ ++/* pointer size */ + #undef HAVE_64BIT_PTR + +-/* Check size of suseconds_t type (struct timeval) */ ++/* sizeof suseconds_t */ + #undef PM_SIZEOF_SUSECONDS_T ++ + #ifndef PM_SIZEOF_SUSECONDS_T + #error Unknown suseconds_t size + #endif + +-/* Check size of time_t (struct timeval, timespec) */ ++/* sizeof time_t */ + #undef PM_SIZEOF_TIME_T ++ + #ifndef PM_SIZEOF_TIME_T + #error Unknown time_t size + #endif diff --git a/SOURCES/rhbz1525864.patch b/SOURCES/rhbz1525864.patch new file mode 100644 index 0000000..60007f3 --- /dev/null +++ b/SOURCES/rhbz1525864.patch @@ -0,0 +1,25 @@ +diff -Naurp pcp-3.12.2.orig/src/pmdas/perfevent/configparser.l pcp-3.12.2/src/pmdas/perfevent/configparser.l +--- pcp-3.12.2.orig/src/pmdas/perfevent/configparser.l 2017-09-06 06:00:26.000000000 +1000 ++++ pcp-3.12.2/src/pmdas/perfevent/configparser.l 2018-01-30 08:05:25.603971547 +1100 +@@ -289,6 +289,10 @@ static void set_pmcsetting_derived_scale + if (context_derived) + { + setting_lists = config->derivedArr[config->nDerivedEntries-1].setting_lists; ++ if (NULL == setting_lists) ++ { ++ return; ++ } + while (setting_lists->next) + { + setting_lists = setting_lists->next; +@@ -318,6 +322,10 @@ static void set_pmcsetting_cpuconfig(con + if (context_derived) + { + setting_lists = config->derivedArr[config->nDerivedEntries-1].setting_lists; ++ if (NULL == setting_lists) ++ { ++ return; ++ } + while (setting_lists->next) + { + setting_lists = setting_lists->next; diff --git a/SOURCES/rhbz1537623.patch b/SOURCES/rhbz1537623.patch new file mode 100644 index 0000000..b6e5f1a --- /dev/null +++ b/SOURCES/rhbz1537623.patch @@ -0,0 +1,57 @@ +commit 4117de7ca98a38b79d32398680e883b47d55fffa +Author: Nathan Scott +Date: Tue Jan 30 11:12:27 2018 +1100 + + build: more multilib fallout - drop accidental redefinitions + + Some 64 vs 32 bit macro definitions have been accidentally + duplicated into config.h (must reside in config{sz,32,64}.h). + + These then resulted in potentially incorrect pmlogrewrite + rules being generated in the build, which resulted in some + bad pmlogger setups happening internally. + + Tweak qa/377 to ensure this duplication doesn't occur again. + +diff --git a/qa/377 b/qa/377 +index 071b840cf..0f7854068 100755 +--- a/qa/377 ++++ b/qa/377 +@@ -15,19 +15,15 @@ echo "QA output created by $seq" + + if [ -f $PCP_INC_DIR/config.h ] + then +- # PCP 3.8.3 or later + defs=$PCP_INC_DIR/config.h +-elif [ -f $PCP_INC_DIR/platform_header.h ] +-then +- # PCP 3.6 or later +- defs=$PCP_INC_DIR/platform_header.h +-elif [ -f $PCP_INC_DIR/platform_defs.h ] +-then +- # older PCP versions +- defs=$PCP_INC_DIR/platform_defs.h + else + _notrun "No $PCP_INC_DIR headers found" + fi ++ ++# HAVE_64BIT_LONG should be in config{sz,64}.h, *not* here: ++grep '#define HAVE_64BIT_LONG' $defs >/dev/null 2>&1 && \ ++ _fail "HAVE_64BIT_LONG is defined in $defs" ++ + grep '#define HAVE_BITFIELDS_LTOR' $defs >/dev/null 2>&1 || \ + _notrun "HAVE_BITFIELDS_LTOR is false" + +diff --git a/src/pmdas/linux/mk.rewrite b/src/pmdas/linux/mk.rewrite +index a1f81b3b2..80355f0e0 100755 +--- a/src/pmdas/linux/mk.rewrite ++++ b/src/pmdas/linux/mk.rewrite +@@ -12,7 +12,7 @@ tmp=/var/tmp/$$ + trap "rm -f $tmp.*; exit 0" 0 1 2 3 15 + + cat <$tmp.c +-#include ++#include + #if defined(HAVE_64BIT_LONG) + KERNEL_ULONG=PM_TYPE_U64 + #else diff --git a/SOURCES/selinux-pmstore.patch b/SOURCES/selinux-pmstore.patch new file mode 100644 index 0000000..87b4568 --- /dev/null +++ b/SOURCES/selinux-pmstore.patch @@ -0,0 +1,44 @@ +commit 8f75ee909cb751a1cc6b3988c5ba5476ca237de1 +Author: Lukas Berk +Date: Tue Oct 24 10:23:42 2017 -0400 + + selinux: rhbz1505888 - A pmstore command is blocked by SELinux + + Add to policy file, update testcase 917 + +diff --git a/qa/917.out.in b/qa/917.out.in +index b0073c23f..a8c337964 100644 +--- a/qa/917.out.in ++++ b/qa/917.out.in +@@ -43,6 +43,7 @@ decl 1: + allow [pcp_pmcd_t] [haproxy_var_lib_t] : [dir] { search }; + allow [pcp_pmcd_t] [haproxy_var_lib_t] : [sock_file] { write }; + allow [pcp_pmcd_t] [haproxy_t] : [unix_stream_socket] { connectto }; ++ allow [pcp_pmcd_t] [sysctl_fs_t] : [file] { write }; + allow [pcp_pmlogger_t] [kmsg_device_t] : [chr_file] { open write }; + allow [pcp_pmlogger_t] self : [capability] { kill }; + allow [pcp_pmlogger_t] [init_t] : [system] { status }; +diff --git a/src/selinux/pcpupstream.te.in b/src/selinux/pcpupstream.te.in +index f070e6024..5f48533c1 100644 +--- a/src/selinux/pcpupstream.te.in ++++ b/src/selinux/pcpupstream.te.in +@@ -19,6 +19,7 @@ require { + type pcp_pmmgr_t; + type pcp_tmp_t; + type sysctl_net_t; ++ type sysctl_fs_t; #RHBZ1505888 + type svirt_sandbox_file_t; + @PCP_SVIRT_LXC_NET_T@ + type virtd_t; # pmda.libvirt +@@ -163,6 +164,11 @@ allow pcp_pmcd_t virtd_t:unix_stream_socket connectto; + allow pcp_pmcd_t haproxy_var_lib_t:dir search; + allow pcp_pmcd_t haproxy_var_lib_t:sock_file write; + allow pcp_pmcd_t haproxy_t:unix_stream_socket connectto; ++ ++#type=AVC msg=audit(1508779244.425:386): avc: denied { write } for pid=2967 comm="pmdaxfs" name="stats_clear" dev="proc" ino=87731 scontext=system_u:system_r:pcp_pmcd_t:s0 tcontext=system_u:object_r:sysctl_fs_t:s0 tclass=file ++#RHBZ1505888 ++allow pcp_pmcd_t sysctl_fs_t:file write; ++ + #============= pcp_pmlogger_t ============== + allow pcp_pmlogger_t kmsg_device_t:chr_file { open write }; + allow pcp_pmlogger_t self:capability kill; diff --git a/SOURCES/selinux.patch b/SOURCES/selinux.patch new file mode 100644 index 0000000..b0c551e --- /dev/null +++ b/SOURCES/selinux.patch @@ -0,0 +1,411 @@ +commit 60ae66d7478bd6c944442377274a3a365d0861bb +Author: Lukas Berk +Date: Fri Nov 24 10:24:44 2017 -0500 + + selinux: quick README update for tl:dr instructions + + selinux: rhbz1515928 allow nfsd_fs_t accesses (file/dir) + + Add to policy file, update testcase 917 + + build: selinux - directly test existance of semodule -X option + + Instead of guessing, based on distro, if the semodule command adjusts + for priority, we now directly test and decide what command to issue + based on the output. + + rpms: selinux - don't install policy file if selinux isnt active + + Added a runtime check to see, even if the system has the proper + packages for selinux, if it's enabled on the system. For example; + containers, may have selinux packages to install, but it's not enabled + by default. + + selinux: RHBZ1517656 + + Add three type enforcement context allowance lines + update qa, config bits for conditional context + + selinux: RHBZ1517862 postfix context access addition + + add context access for postfix_spool_t dir read's + update testcase + + selinux: rhbz1517655 add missing file:map access + + Added a single missing class capability for file's accessing maps + adjust qa and configure scripts accordingly to check + +diff --git a/configure b/configure +index d39b76e59..f8dceca28 100755 +--- a/configure ++++ b/configure +@@ -708,6 +708,8 @@ fmt_uint64 + fmt_int64 + fmt_pid + rdynamic_flag ++pcp_selinux_hostname_exec_map ++pcp_selinux_sock_file_getattr + pcp_selinux_tracefs + pcp_selinux_unreserved_port + pcp_selinux_systemd_exec +@@ -951,7 +953,6 @@ infodir + docdir + oldincludedir + includedir +-runstatedir + localstatedir + sharedstatedir + sysconfdir +@@ -1098,7 +1099,6 @@ datadir='${datarootdir}' + sysconfdir='${prefix}/etc' + sharedstatedir='${prefix}/com' + localstatedir='${prefix}/var' +-runstatedir='${localstatedir}/run' + includedir='${prefix}/include' + oldincludedir='/usr/include' + docdir='${datarootdir}/doc/${PACKAGE}' +@@ -1351,15 +1351,6 @@ do + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + +- -runstatedir | --runstatedir | --runstatedi | --runstated \ +- | --runstate | --runstat | --runsta | --runst | --runs \ +- | --run | --ru | --r) +- ac_prev=runstatedir ;; +- -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ +- | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ +- | --run=* | --ru=* | --r=*) +- runstatedir=$ac_optarg ;; +- + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ +@@ -1497,7 +1488,7 @@ fi + for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ +- libdir localedir mandir runstatedir ++ libdir localedir mandir + do + eval ac_val=\$$ac_var + # Remove trailing slashes. +@@ -1650,7 +1641,6 @@ Fine tuning of the installation directories: + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] +- --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] +@@ -11800,6 +11790,8 @@ pcp_selinux_systemd_unit_file=false + pcp_selinux_systemd_exec=false + pcp_selinux_tracefs=false + pcp_selinux_unreserved_port=false ++pcp_selinux_sock_file_getattr=false ++pcp_selinux_hostname_exec_map=false + if test "x$enable_selinux" != "xfalse"; then : + + for policy_file in /etc/selinux/targeted/policy/policy.* +@@ -11856,6 +11848,17 @@ do + then + pcp_selinux_tracefs=true + fi ++ sock_file_getattr=`eval seinfo -x --class=sock_file -- $policy_file | grep getattr | awk '{ print $1 }'` ++ if test "x$sock_file_getattr" != "x" ++ then ++ pcp_selinux_sock_file_getattr=true ++ fi ++ hostname_exec_map_a=`eval seinfo -x --class=file -- $policy_file | grep map | awk '{ print $1 }'` ++ hostname_exec_map_b=`eval seinfo -x --common file -- $policy_file 2>/dev/null | grep map | awk '{ print $1 }'` ++ if test "x$hostname_exec_map_a" != "x" -o "x$hostname_exec_map_b" != "x" ++ then ++ pcp_selinux_hostname_exec_map=true ++ fi + + fi + done +@@ -11872,6 +11875,8 @@ fi + + + ++ ++ + { $as_echo "$as_me:${as_lineno-$LINENO}: checking return type of signal handlers" >&5 + $as_echo_n "checking return type of signal handlers... " >&6; } + if ${ac_cv_type_signal+:} false; then : +diff --git a/configure.ac b/configure.ac +index ba799d146..42efb6bfe 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1937,6 +1937,8 @@ pcp_selinux_systemd_unit_file=false + pcp_selinux_systemd_exec=false + pcp_selinux_tracefs=false + pcp_selinux_unreserved_port=false ++pcp_selinux_sock_file_getattr=false ++pcp_selinux_hostname_exec_map=false + AS_IF([test "x$enable_selinux" != "xfalse"], [ + for policy_file in /etc/selinux/targeted/policy/policy.* + do +@@ -1992,6 +1994,17 @@ do + then + pcp_selinux_tracefs=true + fi ++ sock_file_getattr=`eval seinfo -x --class=sock_file -- $policy_file | grep getattr | awk '{ print $1 }'` ++ if test "x$sock_file_getattr" != "x" ++ then ++ pcp_selinux_sock_file_getattr=true ++ fi ++ hostname_exec_map_a=`eval seinfo -x --class=file -- $policy_file | grep map | awk '{ print $1 }'` ++ hostname_exec_map_b=`eval seinfo -x --common file -- $policy_file 2>/dev/null | grep map | awk '{ print $1 }'` ++ if test "x$hostname_exec_map_a" != "x" -o "x$hostname_exec_map_b" != "x" ++ then ++ pcp_selinux_hostname_exec_map=true ++ fi + + fi + done +@@ -2006,6 +2019,8 @@ AC_SUBST(pcp_selinux_systemd_unit_file) + AC_SUBST(pcp_selinux_systemd_exec) + AC_SUBST(pcp_selinux_unreserved_port) + AC_SUBST(pcp_selinux_tracefs) ++AC_SUBST(pcp_selinux_sock_file_getattr) ++AC_SUBST(pcp_selinux_hostname_exec_map) + + dnl Checks for library functions. + AC_TYPE_SIGNAL +diff --git a/qa/917 b/qa/917 +index 83a6ed684..9fc3a993e 100755 +--- a/qa/917 ++++ b/qa/917 +@@ -34,6 +34,9 @@ cap_userns_ptrace=`seinfo --class=cap_userns -x 2>&1 | grep "sys_ptrace$"` + unreserved_port_t=`seinfo -t | grep "unreserved_port_t$"` + tracefs_t=`seinfo -t | grep "tracefs_t$"` + class_status=`seinfo -x --class=system | grep "status$"` ++sock_file_getattr=`seinfo -x --class=sock_file | grep "getattr$"` ++hostname_exec_map_a=`seinfo -x --class=file | grep "map$"` ++hostname_exec_map_b=`seinfo -x --common=file 2>/dev/null | grep "map$"` + + _filter_semodule() + { +@@ -63,6 +66,9 @@ _filter_outfile() + -v cap_userns_ptrace="$cap_userns_ptrace" \ + -v unreserved_port_t="$unreserved_port_t" \ + -v tracefs_t="$tracefs_t" \ ++ -v sock_file_getattr="$sock_file_getattr" \ ++ -v hostname_exec_map_a="$hostname_exec_map_a" \ ++ -v hostname_exec_map_b="$hostname_exec_map_b" \ + '{ + if (container_t == "" && /container_runtime_t/) + !/container_runtime_t/ ; +@@ -90,6 +96,11 @@ _filter_outfile() + !/tracefs_t/ ; + else if (class_status == "" && /system.*status/) + !/system.*status/ ; ++ else if (sock_file_getattr == "" && /gpmctl_t/) ++ !/gpmctl_t/ ; ++ else if (hostname_exec_map_a == "" && hostname_exec_map_b == "" && /hostname_exec_t/ && /pcp_pmie_t/) { ++ printf(" allow [pcp_pmie_t] [hostname_exec_t] : [file] { execute execute_no_trans getattr open read };\n") ++ } + else + print; + }' +diff --git a/qa/917.out.in b/qa/917.out.in +index a8c337964..86805d11a 100644 +--- a/qa/917.out.in ++++ b/qa/917.out.in +@@ -44,6 +44,10 @@ decl 1: + allow [pcp_pmcd_t] [haproxy_var_lib_t] : [sock_file] { write }; + allow [pcp_pmcd_t] [haproxy_t] : [unix_stream_socket] { connectto }; + allow [pcp_pmcd_t] [sysctl_fs_t] : [file] { write }; ++ allow [pcp_pmcd_t] [nfsd_fs_t] : [dir] { search }; ++ allow [pcp_pmcd_t] [nfsd_fs_t] : [file] { getattr open read }; ++ allow [pcp_pmcd_t] [gpmctl_t] : [sock_file] { getattr }; ++ allow [pcp_pmcd_t] [postfix_spool_t] : [dir] { read }; + allow [pcp_pmlogger_t] [kmsg_device_t] : [chr_file] { open write }; + allow [pcp_pmlogger_t] self : [capability] { kill }; + allow [pcp_pmlogger_t] [init_t] : [system] { status }; +@@ -54,7 +58,7 @@ decl 1: + allow [pcp_pmlogger_t] [pcp_pmlogger_exec_t] : [file] { execute_no_trans }; + allow [pcp_pmlogger_t] [dey_sapi_port_t] : [tcp_socket] { name_connect }; + allow [pcp_pmlogger_t] [user_home_dir_t] : [dir] { search }; +- allow [pcp_pmie_t] [hostname_exec_t] : [file] { execute execute_no_trans getattr open read }; ++ allow [pcp_pmie_t] [hostname_exec_t] : [file] { execute execute_no_trans getattr open read map }; + allow [pcp_pmie_t] self : [capability] { kill sys_ptrace net_admin chown }; + allow [pcp_pmie_t] [init_t] : [unix_stream_socket] { connectto }; + allow [pcp_pmie_t] [initrc_var_run_t] : [file] { lock open read }; +@@ -63,6 +67,7 @@ decl 1: + allow [pcp_pmie_t] [systemd_systemctl_exec_t] : [file] { execute execute_no_trans getattr open read }; + allow [pcp_pmie_t] [unconfined_t] : [unix_stream_socket] { connectto }; + allow [pcp_pmie_t] [pcp_pmie_exec_t] : [file] { execute_no_trans }; ++ allow [pcp_pmie_t] [proc_net_t] : [file] { read }; + allow [pcp_pmcd_t] [configfs_t] : [dir] { open read search }; + allow [pcp_pmcd_t] [configfs_t] : [file] { getattr open read }; + allow [pcp_pmcd_t] [configfs_t] : [lnk_file] { read getattr }; +@@ -75,6 +80,7 @@ decl 1: + allow [pcp_pmproxy_t] self : [capability] { net_admin }; + allow [pcp_pmproxy_t] [sysctl_net_t] : [file] { getattr open read }; + allow [pcp_pmproxy_t] [sysctl_net_t] : [dir] { search }; ++ allow [pcp_pmproxy_t] [proc_net_t] : [file] { read }; + allow [pcp_pmmgr_t] [unreserved_port_t] : [tcp_socket] { name_bind }; + allow [pcp_pmmgr_t] [unconfined_t] : [unix_stream_socket] { connectto }; + +diff --git a/src/include/builddefs.in b/src/include/builddefs.in +index e75a08d61..40fc380fb 100644 +--- a/src/include/builddefs.in ++++ b/src/include/builddefs.in +@@ -265,6 +265,8 @@ PCP_SELINUX_SYSTEMD_UNIT_FILE = @pcp_selinux_systemd_unit_file@ + PCP_SELINUX_SYSTEMD_EXEC = @pcp_selinux_systemd_exec@ + PCP_SELINUX_UNRESERVED_PORT = @pcp_selinux_unreserved_port@ + PCP_SELINUX_TRACEFS = @pcp_selinux_tracefs@ ++PCP_SELINUX_SOCK_FILE_GETATTR = @pcp_selinux_sock_file_getattr@ ++PCP_SELINUX_HOSTNAME_EXEC_MAP = @pcp_selinux_hostname_exec_map@ + + # for code supporting any modern version of perl + HAVE_PERL = @have_perl@ +diff --git a/src/selinux/GNUlocaldefs b/src/selinux/GNUlocaldefs +index 32f493a8a..65c296611 100644 +--- a/src/selinux/GNUlocaldefs ++++ b/src/selinux/GNUlocaldefs +@@ -58,3 +58,12 @@ PCP_TRACEFS_FS_RULE="allow pcp_pmcd_t tracefs_t:filesystem mount\;" + PCP_TRACEFS_DIR_RULE="allow pcp_pmcd_t tracefs_t:dir { search read open }\;" + PCP_TRACEFS_FILE_RULE="allow pcp_pmcd_t tracefs_t:file { read open }\;" + endif ++ ++ifeq "$(PCP_SELINUX_SOCK_FILE_GETATTR)" "true" ++PCP_SOCK_FILE_GETATTR="class sock_file getattr\;" ++PCP_SOCK_FILE_GETATTR_RULE="allow pcp_pmcd_t gpmctl_t:sock_file getattr\;" ++endif ++ ++ifeq "$(PCP_SELINUX_HOSTNAME_EXEC_MAP)" "true" ++PCP_HOSTNAME_EXEC_MAP=" map " ++endif +\ No newline at end of file +diff --git a/src/selinux/GNUmakefile b/src/selinux/GNUmakefile +index ed4132b80..6635c8e7b 100644 +--- a/src/selinux/GNUmakefile ++++ b/src/selinux/GNUmakefile +@@ -58,6 +58,9 @@ $(IAM).te: $(IAM).te.in + -e 's;@PCP_TRACEFS_FS_RULE@;'$(PCP_TRACEFS_FS_RULE)';' \ + -e 's;@PCP_TRACEFS_DIR_RULE@;'$(PCP_TRACEFS_DIR_RULE)';' \ + -e 's;@PCP_TRACEFS_FILE_RULE@;'$(PCP_TRACEFS_FILE_RULE)';' \ ++ -e 's;@PCP_SOCK_FILE_GETATTR@;'$(PCP_SOCK_FILE_GETATTR)';' \ ++ -e 's;@PCP_SOCK_FILE_GETATTR_RULE@;'$(PCP_SOCK_FILE_GETATTR_RULE)';' \ ++ -e 's;@PCP_HOSTNAME_EXEC_MAP@;'$(PCP_HOSTNAME_EXEC_MAP)';' \ + + # END + make -f /usr/share/selinux/devel/Makefile +diff --git a/src/selinux/README b/src/selinux/README +index af7d51be1..b071bbd5a 100644 +--- a/src/selinux/README ++++ b/src/selinux/README +@@ -1,5 +1,28 @@ + PCP SELinux Module + ++== TL;DR == ++ ++Dammit Jim, I'm a developer, not a selinux expert! ++ ++Ok ok, AVC denials are logged in /var/log/audit/audit.log Pull out the ++relevant errors, and either, forward that along with the bug/pull ++request for us to add/fix, or run: ++ ++cat /var/log/audit/audit.log | audit2allow -w ++ ++which will verify that the avc is not already covered in the pcp ++policy file, and then: ++ ++cat /var/log/audit/audit.log | audit2allow -M mypolicy ++semodule -i mypolicy.pp ++ ++Be careful you understand what context accesses you're allowing with ++this policy, and that they *should* be allowed. ++ ++If you choose the latter, please be a good samaritan and forward the ++relevant avc denials upstream for the community to apply and ship the ++updated policy package. ++ + == Building == + + make -f /usr/share/selinux/devel/Makefile +diff --git a/src/selinux/pcpupstream.te.in b/src/selinux/pcpupstream.te.in +index 5f48533c1..236a0ecf1 100644 +--- a/src/selinux/pcpupstream.te.in ++++ b/src/selinux/pcpupstream.te.in +@@ -31,6 +31,7 @@ require { + type saslauthd_t; # pcp-lio + type modules_object_t; # pcp-lio + @PCP_NSFS_T@ ++ type nfsd_fs_t; #RHBZ1515928 + type pcp_pmie_exec_t; # pmdasummary + @PCP_SYSTEMCTL_UNIT_FILE_T@ + @PCP_SYSTEMCTL_EXEC_T@ +@@ -45,8 +46,11 @@ require { + type haproxy_t; # pmda.haproxy + type websm_port_t; # pmda.prometheus + type dey_sapi_port_t; #RHBZ1447585 ++ type gpmctl_t; #RHBZ1517656 ++ type proc_net_t; #RHBZ1517656 ++ type postfix_spool_t; #RHBZ1517862 + class lnk_file { read getattr }; +- class file { append create execute execute_no_trans getattr ioctl lock open read write }; ++ class file { append create execute execute_no_trans getattr ioctl lock open read write @PCP_HOSTNAME_EXEC_MAP@ }; + class dir { add_name open read search write getattr }; + class unix_stream_socket connectto; + class capability { kill sys_ptrace net_admin chown sys_chroot ipc_owner }; +@@ -55,6 +59,7 @@ require { + class fifo_file { getattr read open unlink }; # qa/455 + class process signal; #RHBZ1443632 + class sock_file write; #RHBZ1449671 ++ @PCP_SOCK_FILE_GETATTR@ + @PCP_CLASS_STATUS@ + class tcp_socket { name_bind name_connect }; + class shm { unix_read associate getattr }; +@@ -169,6 +174,15 @@ allow pcp_pmcd_t haproxy_t:unix_stream_socket connectto; + #RHBZ1505888 + allow pcp_pmcd_t sysctl_fs_t:file write; + ++#RHBZ1515928 ++allow pcp_pmcd_t nfsd_fs_t:dir search; ++allow pcp_pmcd_t nfsd_fs_t:file { getattr open read }; ++ ++#RHBZ1517656 ++@PCP_SOCK_FILE_GETATTR_RULE@ ++ ++#RHBZ1517862 ++allow pcp_pmcd_t postfix_spool_t:dir read; + #============= pcp_pmlogger_t ============== + allow pcp_pmlogger_t kmsg_device_t:chr_file { open write }; + allow pcp_pmlogger_t self:capability kill; +@@ -199,7 +213,7 @@ allow pcp_pmlogger_t dey_sapi_port_t:tcp_socket name_connect; + allow pcp_pmlogger_t user_home_dir_t:dir search; + + #============= pcp_pmie_t ============== +-allow pcp_pmie_t hostname_exec_t:file { execute execute_no_trans getattr open read }; ++allow pcp_pmie_t hostname_exec_t:file { execute execute_no_trans getattr open read @PCP_HOSTNAME_EXEC_MAP@ }; + + #type=AVC msg=audit(1498847682.537:15753): avc: denied { sys_ptrace } for pid=30881 comm="ps" capability=19 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:system_r:pcp_pmie_t:s0 tclass=capability permissive=0 + allow pcp_pmie_t self:capability { chown kill net_admin sys_ptrace }; +@@ -233,6 +247,10 @@ allow pcp_pmie_t unconfined_t:unix_stream_socket connectto; + + #audit: type=1400 audit(1504924094.677:197): avc: denied { execute_no_trans } for pid=3703 comm=pmie_check path=/usr/bin/pmie dev=dm-0 ino=2506240 scontext=system_u:system_r:pcp_pmie_t:s0 tcontext=system_u:object_r:pcp_pmie_exec_t:s0 tclass=file permissive=0 + allow pcp_pmie_t pcp_pmie_exec_t:file execute_no_trans; ++ ++#RHBZ1517656 ++allow pcp_pmie_t proc_net_t:file read; ++ + #============= pmda-lio ============== + allow pcp_pmcd_t configfs_t:dir { open read search }; + allow pcp_pmcd_t configfs_t:file { getattr open read }; +@@ -259,6 +277,11 @@ allow pcp_pmproxy_t sysctl_net_t:file { getattr open read }; + + #type=AVC msg=audit(1498837089.845:16693): avc: denied { search } for pid=14446 comm="pmproxy" name="net" dev="proc" ino=1168 scontext=system_u:system_r:pcp_pmproxy_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0 + allow pcp_pmproxy_t sysctl_net_t:dir search; ++ ++#type=AVC msg=audit(1511771694.686:575): avc: denied { read } for pid=28833 comm="pmproxy" name="unix" dev="proc" ino=4026532015 scontext=system_u:system_r:pcp_pmproxy_t:s0 tcontext=system_u:object_r:proc_net_t:s0 tclass=file ++#RHBZ1517656 ++allow pcp_pmproxy_t proc_net_t:file read; ++ + #============= pcp_pmmgr_t ============== + + #type=AVC msg=audit(1498835526.281:10254): avc: denied { name_bind } for pid=13114 comm="pmlogger" src=4332 scontext=system_u:system_r:pcp_pmmgr_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket permissive=0 diff --git a/SPECS/pcp.spec b/SPECS/pcp.spec index 4957f9a..e986729 100644 --- a/SPECS/pcp.spec +++ b/SPECS/pcp.spec @@ -1,29 +1,29 @@ +Name: pcp +Version: 3.12.2 +Release: 5%{?dist} Summary: System-level performance monitoring and performance management -Name: pcp -Version: 3.11.8 -%global buildversion 7 - -Release: %{buildversion}%{?dist} License: GPLv2+ and LGPLv2.1+ and CC-BY -URL: http://www.pcp.io -Group: Applications/System -# https://bintray.com/artifact/download/pcp/source/pcp-%{version}.src.tar.gz -Source0: %{name}-%{version}.src.tar.gz -# https://bintray.com/artifact/download/netflixoss/downloads/vector.tar.gz -Source1: vector-1.1.0.tar.gz -# https://github.com/performancecopilot/pcp-webjs/archive/3.11.2.tar.gz -Source2: pcp-webjs-3.11.8.src.tar.gz - -# Resolve missing dependency on upstream pcp-pmda-nutcracker (disabled) -Patch0: rhbz1425880.patch -# Series of SELinux policy and build improvements -Patch1: rhbz1432086.patch -# Updates to the perfevent PMDA -Patch2: rhbz1419490.patch -# Add pcp-zeroconf sub-package -Patch3: rhbz1211432.patch - -%if 0%{?fedora} || 0%{?rhel} +URL: http://www.pcp.io +Group: Applications/System + +%global bintray https://bintray.com/artifact/download +%global github https://github.com/performancecopilot + +Source0: %{bintray}/download/pcp/source/pcp-%{version}.src.tar.gz +Source1: %{github}/pcp-webapp-vector/archive/1.1.2/pcp-webapp-vector-1.1.2.tar.gz +Source2: %{github}/pcp-webapp-grafana/archive/1.9.1-2/pcp-webapp-grafana-1.9.1-2.tar.gz +Source3: %{github}/pcp-webapp-graphite/archive/0.9.10/pcp-webapp-graphite-0.9.10.tar.gz +Source4: %{github}/pcp-webapp-blinkenlights/archive/1.0.0/pcp-webapp-blinkenlights-1.0.0.tar.gz + +Patch0: rhbz1513503.patch +Patch1: selinux-pmstore.patch +Patch2: selinux.patch +Patch3: logmeta.patch +Patch4: rhbz1488116.patch +Patch5: rhbz1525864.patch +Patch6: rhbz1537623.patch + +%if 0%{?fedora} || 0%{?rhel} > 5 %global disable_selinux 0 %else %global disable_selinux 1 @@ -31,8 +31,8 @@ Patch3: rhbz1211432.patch %global disable_snmp 0 -# There are no papi/libpfm devel packages for s390 nor for some rhels, disable -%ifarch s390 s390x +# There are no papi/libpfm devel packages for s390, armv7hl nor for some rhels, disable +%ifarch s390 s390x armv7hl %global disable_papi 1 %global disable_perfevent 1 %else @@ -67,6 +67,12 @@ Patch3: rhbz1211432.patch %global disable_python3 1 %endif +%if 0%{?fedora} >= 24 || 0%{?rhel} > 7 +%global perl_interpreter perl-interpreter +%else +%global perl_interpreter perl +%endif + # support for pmdajson %if 0%{?rhel} == 0 || 0%{?rhel} > 6 %if !%{disable_python2} || !%{disable_python3} @@ -95,6 +101,10 @@ Patch3: rhbz1211432.patch # Qt development and runtime environment missing components before el6 %if 0%{?rhel} == 0 || 0%{?rhel} > 5 %global disable_qt 0 +# We need qt5 for fedora +%if 0%{?fedora} != 0 +%global default_qt 5 +%endif %else %global disable_qt 1 %endif @@ -117,6 +127,13 @@ Patch3: rhbz1211432.patch %endif %endif +# boost c++ library, widely available +%if 0%{?rhel} == 0 || 0%{?rhel} > 5 +%global disable_boost 0 +%else +%global disable_boost 1 +%endif + # rpm producing "noarch" packages %if 0%{?rhel} == 0 || 0%{?rhel} > 5 %global disable_noarch 0 @@ -124,11 +141,18 @@ Patch3: rhbz1211432.patch %global disable_noarch 1 %endif -# pcp-pmda-libvirt for aarch64 -%ifarch aarch64 -%global collector_with_pmda_libvirt 0 +%if 0%{?fedora} >= 24 +%global disable_elasticsearch 0 %else -%global collector_with_pmda_libvirt 1 +%global disable_elasticsearch 1 +%endif + +# python's xlsxwriter module hasn't been included yet, but hopefully +# it will be eventually, leaving this as a variable for now. +%if 0%{?fedora} || 0%{?rhel} +%global disable_xlsx 1 +%else +%global disable_xlsx 1 %endif # prevent conflicting binary and man page install for pcp(1) @@ -170,14 +194,25 @@ BuildRequires: cairo-devel %if !%{disable_sdt} BuildRequires: systemtap-sdt-devel %endif -BuildRequires: perl-devel perl(ExtUtils::MakeMaker) +%if !%{disable_boost} +BuildRequires: boost-devel +%endif +%if 0%{?rhel} == 0 || 0%{?rhel} > 5 +BuildRequires: perl-devel +%endif +BuildRequires: perl(ExtUtils::MakeMaker) BuildRequires: initscripts man %if !%{disable_systemd} BuildRequires: systemd-devel %endif %if !%{disable_qt} BuildRequires: desktop-file-utils +%if 0%{?default_qt} != 5 BuildRequires: qt4-devel >= 4.4 +%else +BuildRequires: qt5-qtbase-devel +BuildRequires: qt5-qtsvg-devel +%endif %endif Requires: bash gawk sed grep fileutils findutils initscripts which @@ -205,6 +240,7 @@ Obsoletes: pcp-gui-debuginfo %global _selinuxdir %{_localstatedir}/lib/pcp/selinux %global _logconfdir %{_localstatedir}/lib/pcp/config/pmlogconf %global _pixmapdir %{_datadir}/pcp-gui/pixmaps +%global _hicolordir %{_datadir}/icons/hicolor %global _booksdir %{_datadir}/doc/pcp-doc %if 0%{?fedora} >= 20 || 0%{?rhel} >= 8 @@ -218,8 +254,8 @@ Obsoletes: pcp-gui-debuginfo %global _with_initd --with-rcdir=%{_initddir} %endif -# we never want Infiniband on s390 platforms -%ifarch s390 s390x +# we never want Infiniband on s390 and armv7hl platforms +%ifarch s390 s390x armv7hl %global disable_infiniband 1 %else # we never want Infiniband on RHEL5 or earlier @@ -230,15 +266,17 @@ Obsoletes: pcp-gui-debuginfo %endif %endif -%if %{disable_infiniband} -%global _with_ib --with-infiniband=no +%if !%{disable_infiniband} +%global _with_ib --with-infiniband=yes %endif %if !%{disable_papi} %global _with_papi --with-papi=yes %endif -%if !%{disable_perfevent} +%if %{disable_perfevent} +%global _with_perfevent --with-perfevent=no +%else %global _with_perfevent --with-perfevent=yes %endif @@ -261,7 +299,7 @@ Obsoletes: pcp-gui-debuginfo %endif %global pmda_remove() %{expand: -if [ "%1" -eq 0 ] +if [ %1 -eq 0 ] then if [ -f "%{_confdir}/pmcd/pmcd.conf" ] && [ -f "%{_pmdasdir}/%2/domain.h" ] then @@ -271,33 +309,38 @@ fi } %global selinux_handle_policy() %{expand: -if [ "%1" -eq 1 ] +if [ -e /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled then - PCP_SELINUX_DIR=%{_selinuxdir} - if [ -f "$PCP_SELINUX_DIR/%2" ] + if [ %1 -ge 1 ] then - %if 0%{?fedora} >= 24 || 0%{?rhel} > 6 - (semodule -X 400 -i %{_selinuxdir}/%2) - %else - (semodule -i %{_selinuxdir}/%2) - %endif #distro version check - fi -elif [ "%1" -eq 0 ] -then - if semodule -l | grep %2 >/dev/null 2>&1 + PCP_SELINUX_DIR=%{_selinuxdir} + if [ -f "$PCP_SELINUX_DIR/%2" ] + then + if semodule -h | grep -q -- "-X" >/dev/null 2>&1 + then + (semodule -X 400 -i %{_selinuxdir}/%2) + else + (semodule -i %{_selinuxdir}/%2) + fi #semodule -X flag check + fi + elif [ %1 -eq 0 ] then - %if 0%{?fedora} >= 24 || 0%{?rhel} > 6 - (semodule -X 400 -r %2 >/dev/null) - %else - (semodule -r %2 >/dev/null) - %endif #distro version check + if semodule -l | grep %2 >/dev/null 2>&1 + then + if semodule -h | grep -q -- "-X" >/dev/null 2>&1 + then + (semodule -X 400 -r %2 >/dev/null) + else + (semodule -r %2 >/dev/null) + fi #semodule -X flag check + fi fi -fi +fi # check for an active selinux install } %description Performance Co-Pilot (PCP) provides a framework and services to support -system-level performance monitoring and performance management. +system-level performance monitoring and performance management. The PCP open source release provides a unifying abstraction for all of the interesting performance data in a system, and allows client @@ -339,8 +382,6 @@ License: GPLv2+ and LGPLv2.1+ Group: Development/Libraries Summary: Performance Co-Pilot (PCP) development headers URL: http://www.pcp.io -#Requires: pcp = %{version}-%{release} -#Requires: pcp-libs = %{version}-%{release} %description libs-devel Performance Co-Pilot (PCP) headers for development. @@ -418,10 +459,12 @@ HTTP (PMWEBAPI) protocol. %package webjs License: ASL2.0 and MIT and CC-BY Group: Applications/Internet +Conflicts: pcp-webjs < 3.11.9 %if !%{disable_noarch} BuildArch: noarch %endif -Requires: pcp-webapp-graphite pcp-webapp-grafana pcp-webapp-vector +Requires: pcp-webapp-vector pcp-webapp-blinkenlights +Requires: pcp-webapp-graphite pcp-webapp-grafana Summary: Performance Co-Pilot (PCP) web applications URL: http://www.pcp.io @@ -477,6 +520,19 @@ provides a graphite version that uses the Performance Co-Pilot (PCP) as the data repository, and Graphites web interface renders it. The Carbon and Whisper subsystems of Graphite are not included nor used. +%package webapp-blinkenlights +License: ASL2.0 +Group: Applications/Internet +%if !%{disable_noarch} +BuildArch: noarch +%endif +Summary: Blinking lights web application for Performance Co-Pilot (PCP) +URL: http://pcp.io + +%description webapp-blinkenlights +Demo web application showing traffic lights that change colour based +on the periodic evaluation of performance metric expressions. + # # perl-PCP-PMDA. This is the PCP agent perl binding. # @@ -486,7 +542,7 @@ Group: Development/Libraries Summary: Performance Co-Pilot (PCP) Perl bindings and documentation URL: http://www.pcp.io Requires: pcp-libs = %{version}-%{release} -Requires: perl +Requires: %{perl_interpreter} %description -n perl-PCP-PMDA The PCP::PMDA Perl module contains the language bindings for @@ -504,6 +560,7 @@ Group: Development/Libraries Summary: Performance Co-Pilot (PCP) Perl bindings for PCP Memory Mapped Values URL: http://www.pcp.io Requires: pcp-libs = %{version}-%{release} +Requires: %{perl_interpreter} %description -n perl-PCP-MMV The PCP::MMV module contains the Perl language bindings for @@ -522,6 +579,7 @@ Group: Development/Libraries Summary: Performance Co-Pilot (PCP) Perl bindings for importing external data into PCP archives URL: http://www.pcp.io Requires: pcp-libs = %{version}-%{release} +Requires: %{perl_interpreter} %description -n perl-PCP-LogImport The PCP::LogImport module contains the Perl language bindings for @@ -537,6 +595,7 @@ Group: Development/Libraries Summary: Performance Co-Pilot (PCP) Perl bindings for post-processing output of pmlogsummary URL: http://www.pcp.io Requires: pcp-libs = %{version}-%{release} +Requires: %{perl_interpreter} %description -n perl-PCP-LogSummary The PCP::LogSummary module provides a Perl module for using the @@ -639,6 +698,31 @@ Zabbix via the Zabbix agent - see zbxpcp(3) for further details. %if !%{disable_python2} || !%{disable_python3} # +# pcp-export-pcp2elasticsearch +# +%if !%{disable_elasticsearch} +%package export-pcp2elasticsearch +License: GPLv2+ +Group: Applications/System +Summary: Performance Co-Pilot tools for exporting PCP metrics to ElasticSearch +URL: http://www.pcp.io +Requires: pcp-libs >= %{version}-%{release} +%if !%{disable_python3} +Requires: python3-pcp = %{version}-%{release} +Requires: python3-elasticsearch +BuildRequires: python3-elasticsearch +%else +Requires: python-pcp = %{version}-%{release} +Requires: python-elasticsearch +BuildRequires: python-elasticsearch +%endif + +%description export-pcp2elasticsearch +Performance Co-Pilot (PCP) front-end tools for exporting metric values +to Elasticsearch - a distributed, RESTful search and analytics engine. +See https://www.elastic.co/community for further details. +%endif +# # pcp-export-pcp2graphite # %package export-pcp2graphite @@ -676,6 +760,83 @@ Requires: python-requests %description export-pcp2influxdb Performance Co-Pilot (PCP) front-end tools for exporting metric values to InfluxDB (https://influxdata.com/time-series-platform/influxdb). + +# +# pcp-export-pcp2json +# +%package export-pcp2json +License: GPLv2+ +Group: Applications/System +Summary: Performance Co-Pilot tools for exporting PCP metrics in JSON format +URL: http://www.pcp.io +Requires: pcp-libs >= %{version}-%{release} +%if !%{disable_python3} +Requires: python3-pcp = %{version}-%{release} +%else +Requires: python-pcp = %{version}-%{release} +%endif + +%description export-pcp2json +Performance Co-Pilot (PCP) front-end tools for exporting metric values +in JSON format. + +# +# pcp-export-pcp2xlsx +# +%if !%{disable_xlsx} +%package export-pcp2xlsx +License: GPLv2+ +Group: Applications/System +Summary: Performance Co-Pilot tools for exporting PCP metrics to Excel +URL: http://www.pcp.io +Requires: pcp-libs >= %{version}-%{release} +%if !%{disable_python3} +Requires: python3-pcp = %{version}-%{release} +%else +Requires: python-pcp = %{version}-%{release} +%endif + +%description export-pcp2xlsx +Performance Co-Pilot (PCP) front-end tools for exporting metric values +in Excel spreadsheet format. +%endif +# +# pcp-export-pcp2xml +# +%package export-pcp2xml +License: GPLv2+ +Group: Applications/System +Summary: Performance Co-Pilot tools for exporting PCP metrics in XML format +URL: http://www.pcp.io +Requires: pcp-libs >= %{version}-%{release} +%if !%{disable_python3} +Requires: python3-pcp = %{version}-%{release} +%else +Requires: python-pcp = %{version}-%{release} +%endif + +%description export-pcp2xml +Performance Co-Pilot (PCP) front-end tools for exporting metric values +in XML format. + +# +# pcp-export-pcp2zabbix +# +%package export-pcp2zabbix +License: GPLv2+ +Group: Applications/System +Summary: Performance Co-Pilot tools for exporting PCP metrics to Zabbix +URL: http://www.pcp.io +Requires: pcp-libs >= %{version}-%{release} +%if !%{disable_python3} +Requires: python3-pcp = %{version}-%{release} +%else +Requires: python-pcp = %{version}-%{release} +%endif + +%description export-pcp2zabbix +Performance Co-Pilot (PCP) front-end tools for exporting metric values +to the Zabbix (https://www.zabbix.org/) monitoring software. %endif %if !%{disable_papi} @@ -952,7 +1113,7 @@ Requires: perl-PCP-PMDA = %{version}-%{release} This package contains the PCP Performance Metrics Domain Agent (PMDA) for collecting metrics about the Lustre Filesystem. #end pcp-pmda-lustre - + # # pcp-pmda-lustrecomm # @@ -1262,7 +1423,7 @@ Requires: pcp-libs = %{version}-%{release} This package contains the PCP Performance Metrics Domain Agent (PMDA) for collecting metrics about the Device Mapper Cache and Thin Client. # end pcp-pmda-dm - + %if !%{disable_python2} || !%{disable_python3} # @@ -1282,7 +1443,7 @@ Requires: python-pcp This package contains the PCP Performance Metrics Domain Agent (PMDA) for collecting metrics about the gluster filesystem. # end pcp-pmda-gluster - + # # pcp-pmda-zswap # @@ -1338,6 +1499,24 @@ collecting metrics about Intel MIC cards. # end pcp-pmda-mic # +# pcp-pmda-haproxy +# +%package pmda-haproxy +License: GPLv2+ +Group: Applications/System +Summary: Performance Co-Pilot (PCP) metrics for HAProxy +URL: http://www.pcp.io +%if !%{disable_python3} +Requires: python3-pcp +%else +Requires: python-pcp +%endif +%description pmda-haproxy +This package contains the PCP Performance Metrics Domain Agent (PMDA) for +extracting performance metrics from HAProxy over the HAProxy stats socket. +# end pcp-pmda-haproxy + +# # pcp-pmda-libvirt # %package pmda-libvirt @@ -1348,12 +1527,12 @@ URL: http://www.pcp.io %if !%{disable_python3} Requires: python3-pcp Requires: libvirt-python3 python3-lxml -BuildRequires: libvirt-python3 +BuildRequires: libvirt-python3 python3-lxml %else Requires: python-pcp Requires: libvirt-python python-lxml %if 0%{?rhel} == 0 || 0%{?rhel} > 5 -BuildRequires: libvirt-python +BuildRequires: libvirt-python python-lxml %endif %endif %description pmda-libvirt @@ -1373,9 +1552,11 @@ URL: http://www.pcp.io %if !%{disable_python3} Requires: python3-pcp Requires: python3-rtslib +BuildRequires: python3-rtslib %else Requires: python-pcp Requires: python-rtslib +BuildRequires: python-rtslib %endif %description pmda-lio This package provides a PMDA to gather performance metrics from the kernels @@ -1385,6 +1566,30 @@ summary instance per iSCSI target, which aggregates all LUN metrics within the target. #end pcp-pmda-lio +# +# pcp-pmda-prometheus +# +%package pmda-prometheus +License: GPLv2+ +Group: Applications/System +Summary: Performance Co-Pilot (PCP) metrics from Prometheus endpoints +URL: http://www.pcp.io +Requires: pcp-libs = %{version}-%{release} +%if !%{disable_python3} +Requires: python3-pcp +Requires: python3-requests +BuildRequires: python3-requests +%else +Requires: python-pcp +Requires: python-requests +BuildRequires: python-requests +%endif + +%description pmda-prometheus +This package contains the PCP Performance Metrics Domain Agent (PMDA) for +extracting statistics from programs instrumented as Prometheus endpoints. +#end pcp-pmda-prometheus + %endif # !%{disable_python2} || !%{disable_python3} %if !%{disable_json} @@ -1696,10 +1901,8 @@ Requires: pcp-pmda-lustrecomm pcp-pmda-logger pcp-pmda-docker pcp-pmda-bind2 Requires: pcp-pmda-nutcracker %endif %if !%{disable_python2} || !%{disable_python3} -Requires: pcp-pmda-gluster pcp-pmda-zswap pcp-pmda-unbound pcp-pmda-mic pcp-pmda-lio -%if %{collector_with_pmda_libvirt} -Requires: pcp-pmda-libvirt -%endif +Requires: pcp-pmda-gluster pcp-pmda-zswap pcp-pmda-unbound pcp-pmda-mic +Requires: pcp-pmda-libvirt pcp-pmda-lio pcp-pmda-prometheus pcp-pmda-haproxy %endif %if !%{disable_snmp} Requires: pcp-pmda-snmp @@ -1728,7 +1931,7 @@ URL: http://www.pcp.io Requires: pcp-webapi %endif %if !%{disable_python2} || !%{disable_python3} -Requires: pcp-system-tools +Requires: pcp-system-tools %endif %if !%{disable_qt} Requires: pcp-gui @@ -1811,7 +2014,7 @@ Requires: pcp-libs = %{version}-%{release} This PCP module contains additional system monitoring tools written in python. %endif #end pcp-system-tools - + %if !%{disable_qt} # # pcp-gui package for Qt tools @@ -1822,6 +2025,7 @@ Group: Applications/System Summary: Visualization tools for the Performance Co-Pilot toolkit URL: http://www.pcp.io Requires: pcp = %{version}-%{release} pcp-libs = %{version}-%{release} +BuildRequires: hicolor-icon-theme %description gui Visualization tools for the Performance Co-Pilot toolkit. @@ -1867,9 +2071,13 @@ Group: Applications/System Summary: Selinux policy package URL: http://www.pcp.io BuildRequires: selinux-policy-devel +BuildRequires: selinux-policy-targeted +%if 0%{?rhel} == 5 +BuildRequires: setools +%else BuildRequires: setools-console +%endif Requires: policycoreutils -Requires: pcp = %{version}-%{release} %description selinux This package contains SELinux support for PCP. The package contains @@ -1878,13 +2086,18 @@ updated policy package. %endif %prep +%setup -q -T -D -a 1 -c -n vector +%setup -q -T -D -a 2 -c -n grafana +%setup -q -T -D -a 3 -c -n graphite +%setup -q -T -D -a 4 -c -n blinkenlights %setup -q -%setup -q -T -D -a 1 -c -n pcp-%{version}/vector -%setup -q -T -D -a 2 %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 %clean rm -Rf $RPM_BUILD_ROOT @@ -1919,12 +2132,11 @@ rm -fr $RPM_BUILD_ROOT/%{_initddir}/pmwebd rm -fr $RPM_BUILD_ROOT/%{_unitdir}/pmwebd.service rm -f $RPM_BUILD_ROOT/%{_libexecdir}/pcp/bin/pmwebd %endif -# prefer latest released Netflix version over pcp-webjs copy. -rm -fr pcp-webjs/vector -sed -i -e 's/vector [0-9]\.[0-9]*\.[0-9]*/vector/g' pcp-webjs/index.html -mv pcp-webjs/* $RPM_BUILD_ROOT/%{_datadir}/pcp/webapps -rmdir pcp-webjs -mv vector $RPM_BUILD_ROOT/%{_datadir}/pcp/webapps +for app in vector grafana graphite blinkenlights; do + pwd + webapp=`find ../$app -mindepth 1 -maxdepth 1` + mv $webapp $RPM_BUILD_ROOT/%{_datadir}/pcp/webapps/$app +done %if %{disable_infiniband} # remove pmdainfiniband on platforms lacking IB devel packages. @@ -1938,6 +2150,7 @@ rm -fr $RPM_BUILD_ROOT/%{_selinuxdir} %if %{disable_qt} rm -fr $RPM_BUILD_ROOT/%{_pixmapdir} +rm -fr $RPM_BUILD_ROOT/%{_hicolordir} rm -fr $RPM_BUILD_ROOT/%{_confdir}/pmsnap rm -fr $RPM_BUILD_ROOT/%{_localstatedir}/lib/pcp/config/pmsnap rm -fr $RPM_BUILD_ROOT/%{_localstatedir}/lib/pcp/config/pmchart @@ -1955,6 +2168,12 @@ for f in $RPM_BUILD_ROOT/%{_initddir}/{pcp,pmcd,pmlogger,pmie,pmwebd,pmmgr,pmpro sed -i -e '/^# chkconfig/s/:.*$/: - 95 05/' -e '/^# Default-Start:/s/:.*$/:/' $f done +%if 0%{?fedora} > 26 +PCP_SYSCONFIG_DIR=%{_sysconfdir}/sysconfig +sed -i 's/^\#\ PMLOGGER_LOCAL.*/PMLOGGER_LOCAL=1/g' "$RPM_BUILD_ROOT/$PCP_SYSCONFIG_DIR/pmlogger" +sed -i 's/^\#\ PMCD_LOCAL.*/PMCD_LOCAL=1/g' "$RPM_BUILD_ROOT/$PCP_SYSCONFIG_DIR/pmcd" +%endif + # list of PMDAs in the base pkg ls -1 $RPM_BUILD_ROOT/%{_pmdasdir} |\ grep -E -v '^simple|sample|trivial|txmon' |\ @@ -2018,12 +2237,14 @@ ls -1 $RPM_BUILD_ROOT/%{_pmdasdir} |\ grep -E -v '^gluster' |\ grep -E -v '^zswap' |\ grep -E -v '^unbound' |\ + grep -E -v '^haproxy' |\ sed -e 's#^#'%{_pmdasdir}'\/#' >base_pmdas.list # all base pcp package files except those split out into sub packages ls -1 $RPM_BUILD_ROOT/%{_bindir} |\ grep -E -v 'pmiostat|pmcollectl|pmatop|zabbix|zbxpcp' |\ - grep -E -v 'pmrep|pcp2graphite|pcp2influxdb' |\ + grep -E -v 'pmrep|pcp2graphite|pcp2influxdb|pcp2zabbix' |\ + grep -E -v 'pcp2elasticsearch|pcp2json|pcp2xlsx|pcp2xml' |\ grep -E -v 'pmdbg|pmclient|pmerr|genpmda' |\ sed -e 's#^#'%{_bindir}'\/#' >base_bin.list # @@ -2036,13 +2257,13 @@ ls -1 $RPM_BUILD_ROOT/%{_bindir} |\ grep -E 'pmiostat|pmcollectl|pmatop|pmrep' |\ sed -e 's#^#'%{_bindir}'\/#' >pcp_system_tools.list ls -1 $RPM_BUILD_ROOT/%{_libexecdir}/pcp/bin |\ - grep -E 'atop|collectl|dmcache|free|iostat|mpstat|numastat|pidstat|verify|uptime|shping' |\ + grep -E 'atop|collectl|dmcache|free|iostat|mpstat|numastat|pidstat|tapestat|verify|uptime|shping' |\ sed -e 's#^#'%{_libexecdir}/pcp/bin'\/#' >>pcp_system_tools.list %endif ls -1 $RPM_BUILD_ROOT/%{_libexecdir}/pcp/bin |\ %if !%{disable_python2} || !%{disable_python3} - grep -E -v 'atop|collectl|dmcache|free|iostat|mpstat|numastat|pidstat|verify|uptime|shping' |\ + grep -E -v 'atop|collectl|dmcache|free|iostat|mpstat|numastat|pidstat|tapestat|verify|uptime|shping' |\ %endif sed -e 's#^#'%{_libexecdir}/pcp/bin'\/#' >base_exec.list ls -1 $RPM_BUILD_ROOT/%{_booksdir} |\ @@ -2060,6 +2281,8 @@ ls -1 $RPM_BUILD_ROOT/%{_selinuxdir} |\ %if !%{disable_qt} ls -1 $RPM_BUILD_ROOT/%{_pixmapdir} |\ sed -e 's#^#'%{_pixmapdir}'\/#' > pcp-gui.list +ls -1 $RPM_BUILD_ROOT/%{_hicolordir} |\ + sed -e 's#^#'%{_hicolordir}'\/#' >> pcp-gui.list cat base_bin.list base_exec.list |\ grep -E "$PCP_GUI" >> pcp-gui.list %endif @@ -2068,7 +2291,7 @@ ls -1 $RPM_BUILD_ROOT/%{_logconfdir}/ |\ grep -E -v 'zeroconf' >pcp-logconf.list cat base_pmdas.list base_bin.list base_exec.list pcp-logconf.list |\ grep -E -v 'pmdaib|pmmgr|pmweb|pmsnap|2pcp|pmdas/systemd' |\ - grep -E -v "$PCP_GUI|pixmaps|pcp-doc|tutorials|selinux" |\ + grep -E -v "$PCP_GUI|pixmaps|hicolor|pcp-doc|tutorials|selinux" |\ grep -E -v %{_confdir} | grep -E -v %{_logsdir} > base.list # all devel pcp package files except those split out into sub packages @@ -2260,6 +2483,9 @@ fi %preun pmda-lio %{pmda_remove "$1" "lio"} +%preun pmda-prometheus +%{pmda_remove "$1" "prometheus"} + %preun pmda-lustre %{pmda_remove "$1" "lustre"} @@ -2320,6 +2546,9 @@ fi %preun pmda-mic %{pmda_remove "$1" "mic"} +%preun pmda-haproxy +%{pmda_remove "$1" "haproxy"} + %preun pmda-libvirt %{pmda_remove "$1" "libvirt"} %endif # !%{disable_python[2,3]} @@ -2377,11 +2606,10 @@ if [ "$1" -eq 0 ] then # stop daemons before erasing the package %if !%{disable_systemd} - systemctl --no-reload disable pmlogger.service >/dev/null 2>&1 - systemctl --no-reload disable pmie.service >/dev/null 2>&1 - systemctl --no-reload disable pmproxy.service >/dev/null 2>&1 - systemctl --no-reload disable pmcd.service >/dev/null 2>&1 - + %systemd_preun pmlogger.service + %systemd_preun pmie.service + %systemd_preun pmproxy.service + %systemd_preun pmcd.service systemctl stop pmlogger.service >/dev/null 2>&1 systemctl stop pmie.service >/dev/null 2>&1 systemctl stop pmproxy.service >/dev/null 2>&1 @@ -2467,7 +2695,6 @@ pmieconf -c enable dmthin %endif %endif #zeroconf - %if !%{disable_selinux} %post selinux %{selinux_handle_policy "$1" "pcpupstream.pp"} @@ -2486,30 +2713,6 @@ PCP_PMNS_DIR=%{_pmnsdir} test -s "$PCP_LOG_DIR/configs.sh" && source "$PCP_LOG_DIR/configs.sh" rm -f $PCP_LOG_DIR/configs.sh -# migrate old to new temp dir locations (within the same filesystem) -migrate_tempdirs() -{ - _sub="$1" - _new_tmp_dir=%{_tempsdir} - _old_tmp_dir=%{_localstatedir}/tmp - - for d in "$_old_tmp_dir/$_sub" ; do - test -d "$d" -a -k "$d" || continue - cd "$d" || continue - for f in * ; do - [ "$f" != "*" ] || continue - source="$d/$f" - target="$_new_tmp_dir/$_sub/$f" - [ "$source" != "$target" ] || continue - [ -f "$target" ] || mv -fu "$source" "$target" - done - cd && rmdir "$d" 2>/dev/null - done -} -for daemon in mmv pmdabash pmie pmlogger -do - migrate_tempdirs $daemon -done chown -R pcp:pcp %{_logsdir}/pmcd 2>/dev/null chown -R pcp:pcp %{_logsdir}/pmlogger 2>/dev/null chown -R pcp:pcp %{_logsdir}/pmie 2>/dev/null @@ -2517,9 +2720,12 @@ chown -R pcp:pcp %{_logsdir}/pmproxy 2>/dev/null touch "$PCP_PMNS_DIR/.NeedRebuild" chmod 644 "$PCP_PMNS_DIR/.NeedRebuild" %if !%{disable_systemd} - systemctl condrestart pmcd.service >/dev/null 2>&1 - systemctl condrestart pmlogger.service >/dev/null 2>&1 - systemctl condrestart pmie.service >/dev/null 2>&1 + %systemd_postun_with_restart pmcd.service + %systemd_post pmcd.service + %systemd_postun_with_restart pmlogger.service + %systemd_post pmlogger.service + %systemd_postun_with_restart pmie.service + %systemd_post pmie.service systemctl condrestart pmproxy.service >/dev/null 2>&1 %else /sbin/chkconfig --add pmcd >/dev/null 2>&1 @@ -2627,7 +2833,7 @@ cd %{_localstatedir}/lib/pcp/config/pmlogrewrite %dir %attr(0775,pcp,pcp) %{_localstatedir}/lib/pcp/config/pmda -%{_datadir}/bash-completion/completions/pcp +%{_datadir}/bash-completion/completions/* %{_datadir}/zsh/site-functions/_pcp %if !%{disable_sdt} @@ -2643,6 +2849,8 @@ cd %files zeroconf %{_localstatedir}/lib/pcp/config/pmlogconf/zeroconf +#additional pmlogger config files + %files conf %dir %{_includedir}/pcp %{_includedir}/pcp/builddefs @@ -2668,6 +2876,9 @@ cd %{_libdir}/libpcp_trace.so %{_libdir}/libpcp_import.so %{_libdir}/libpcp_web.so +%{_libdir}/pkgconfig/libpcp.pc +%{_libdir}/pkgconfig/libpcp_pmda.pc +%{_libdir}/pkgconfig/libpcp_import.pc %{_includedir}/pcp/*.h %files devel -f devel.list @@ -2706,7 +2917,10 @@ cd %{_datadir}/pcp/webapps/*.png %{_datadir}/pcp/webapps/*.ico %{_datadir}/pcp/webapps/*.html -%{_datadir}/pcp/webapps/*.txt + +%files webapp-blinkenlights +%dir %{_datadir}/pcp +%dir %{_datadir}/pcp/webapps %{_datadir}/pcp/webapps/blinkenlights %files webapp-grafana @@ -2802,6 +3016,9 @@ cd %files pmda-lio %{_pmdasdir}/lio +%files pmda-prometheus +%{_pmdasdir}/prometheus + %files pmda-lustre %{_pmdasdir}/lustre @@ -2852,8 +3069,8 @@ cd %files pmda-rsyslog %{_pmdasdir}/rsyslog -%files pmda-samba -%{_pmdasdir}/samba +%files pmda-samba +%{_pmdasdir}/samba %if !%{disable_snmp} %files pmda-snmp @@ -2885,14 +3102,36 @@ cd %files pmda-mic %{_pmdasdir}/mic +%files pmda-haproxy +%{_pmdasdir}/haproxy + %files pmda-libvirt %{_pmdasdir}/libvirt +%if !%{disable_elasticsearch} +%files export-pcp2elasticsearch +%{_bindir}/pcp2elasticsearch +%endif + %files export-pcp2graphite %{_bindir}/pcp2graphite %files export-pcp2influxdb %{_bindir}/pcp2influxdb + +%files export-pcp2json +%{_bindir}/pcp2json + +%if !%{disable_xlsx} +%files export-pcp2xlsx +%{_bindir}/pcp2xlsx +%endif + +%files export-pcp2xml +%{_bindir}/pcp2xml + +%files export-pcp2zabbix +%{_bindir}/pcp2zabbix %endif # !%{disable_python2} || !%{disable_python3} %files export-zabbix-agent @@ -3001,6 +3240,27 @@ cd %endif %changelog +* Mon Jan 29 2018 Lukas Berk - 3.12.2-5 +- Correction to spec file and selinux policy (BZ 1488116) +- Show all perfevent metrics in pcpatop (BZ 1525864) +- Multilib corrections (BZ 1537623) + +* Wed Nov 29 2017 Nathan Scott - 3.12.2-4 +- Correction to selinux.patch embedded spec file change + +* Wed Nov 29 2017 Nathan Scott - 3.12.2-3 +- Update Source2 for external grafana webapp (BZ 1516933) +- Remove an unhelpful log metadata diagnostic (BZ 1472153) + +* Tue Nov 28 2017 Lukas Berk - 3.12.2-2 +- Selinux policy updates (BZs 1517655,1517656,1480447,1505888,1515928,1517281,1517862) +- Multilib corrections (BZ 1513503) + +* Fri Oct 20 2017 Lukas Berk - 3.12.2-1 +- Selinux policy updates (BZs 1459165,1460131,1488116,1447585,1449671) +- PCP bash completions not working (BZ 1482605) +- pmdabash man page fix (BZ 1459907) + * Wed Jun 14 2017 Nathan Scott - 3.11.8-7 - Fix problems in the new pcp-zeroconf sub-package (BZ 1456609) @@ -3106,7 +3366,7 @@ cd * Fri Sep 05 2014 Frank Ch. Eigler - 3.9.10-4 - Add pcpfans add-ons. -- Correct webapi subrpm license tag +- Correct webapi subrpm license tag * Fri Sep 05 2014 Lukas Berk - 3.9.10-2 - Add condition for disable_papi on arch and rhel version