Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Machine ID: Handle Kernel Version check failing more gracefully #34780

Merged
merged 3 commits into from Nov 21, 2023
Merged

Machine ID: Handle Kernel Version check failing more gracefully #34780

merged 3 commits into from Nov 21, 2023

Conversation

strideynet
Copy link
Contributor

Previously, if this check failed, tbot would crash out, e.g:

lstat /proc/sys/kernel/osrelease: no such file or directory

This occurred in a restricted container environment where much of /proc/sys is not available (Spacelift).

It makes more sense to gracefully degrade to not using kernel features we expect from newer versions.

Closes #34390

changelog: fix tbot crashing when used in environments where the kernel version cannot be queried.

bl-nero
bl-nero reviewed Nov 21, 2023
View reviewed changes
lib/tbot/botfs/fs_linux.go Outdated Show resolved Hide resolved
espadolini
espadolini approved these changes Nov 21, 2023
View reviewed changes
lib/tbot/botfs/fs_linux.go
minKernel := semver.New(Openat2MinKernel)
version, err := utils.KernelVersion()
if err != nil {
return false, trace.Wrap(err)
log.WithError(err).Info("Failed to determine kernel version. It will be assumed secure write support is not available.")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we only ever call this once? It's gonna be annoying if we end up accidentally calling this in a loop.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup - this is only called on initialisation at the mo.

@strideynet strideynet added this pull request to the merge queue Nov 21, 2023
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Nov 21, 2023
@strideynet strideynet added this pull request to the merge queue Nov 21, 2023
Merged via the queue into master with commit 119d761 Nov 21, 2023
34 checks passed
@strideynet strideynet deleted the strideynet/handle-kernel-version-check-failing-graceflly branch November 21, 2023 10:51
@public-teleport-github-review-bot
Copy link

@strideynet See the table below for backport results.

Branch Result
branch/v12 Failed
branch/v13 Failed
branch/v14 Create PR

@strideynet strideynet mentioned this pull request Nov 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@espadolini espadolini espadolini approved these changes

@tigrato tigrato tigrato approved these changes

@bl-nero bl-nero bl-nero approved these changes

Assignees
No one assigned
Labels
backport/branch/v12 backport/branch/v13 backport/branch/v14 machine-id size/sm
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Machine ID: Handle environments where /proc/sys/kernel/osrelease is not available
4 participants
@strideynet @espadolini @tigrato @bl-nero