Closed jw3 closed 1 year ago
Coverage 95.06% => 95.81%
The profiler mode was not removed from the fapolicyd manager, but that shouldn't cause any issues. All the call sites are gone.
I don't want to disturb that in this PR, it can be reviewed when #792 is addressed.
I ran into a few issues last Friday, but saw that @jw3 was still pushing changes so thought this might get addressed and wanted to test w/an updated RPM over Rhel86:
Running w/ `/usr/bin/ls` copied to `/tmp/my-ls` and attempting to use the env var setting: `PATH=$PATH:.`, the profiler tool view does not update the lower pane. The image was captured after a number of minutes after invoking the profiler `Run` button. Whether the cmd was run or not is TBD however the GUI is still live and responding to mouse events.
Note: The target's absolute path was correctly generated by the `_rel_tgt_which()` function. In the prior implementation, the target binary was always referenced via its full path as an argument to Python's `subprocess.Popen()` constructor.
```
INFO:root:validateArgs()
DEBUG:root:validateArgs({'cmd': 'my-ls', 'arg': '-l', 'uid': 'toma', 'pwd': '/tmp', 'env': 'PATH=$PATH:.'}
DEBUG:root:Processing current working dir: /tmp
DEBUG:root:FaProfSession::validateArgs() --> pwd verified
DEBUG:root:expand_path($PATH:., /tmp)
DEBUG:root:expand_path::path = /usr/sbin:/usr/bin:/sbin:/bin:/root/bin:/tmp
DEBUG:root:exec=my-ls, Profiling PATH = /usr/sbin:/usr/bin:/sbin:/bin:/root/bin:/tmp
INFO:root:_rel_tgt_which() - return value:/tmp/my-ls
DEBUG:root:Entry text = {'cmd': 'my-ls', 'arg': '-l', 'uid': 'toma', 'pwd': '/tmp', 'env': 'PATH=$PATH:.', 'env_dict': {'PATH': '$PATH:.'}}
DEBUG:root:dispatch( START_PROFILING_REQUEST )
```
Same target except using the absolute path to the executable. Directly executing `fapolicyd --debug --permissive` sends its output to `stderr` and not `stdout` on Rhel86. Maybe this differs with a newer release of `fapolicyd`.
The last observation... With a specified user and unspecified working directory, the target is executed in the `root` user's home directory. The first iteration used the specified user's home directory as its `pwd` in the event the profiling target performed relative file r/w operations.
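The resolution steps visible in the log and in the working-directory observation above, as an added example that is not code from this PR or from the project: `expand_search_path`, `default_cwd` and `resolve_target` are hypothetical stand-ins, and the base `PATH` and the `my-ls` file are constructed sample values. It shows `.` in `PATH` being anchored to the profiling working directory and the target being pinned to one absolute path before anything is executed.

```python
import os
import pwd
import shutil
import tempfile

# Constructed sample: the PATH printed in the log above, minus the appended cwd.
BASE_PATH = "/usr/sbin:/usr/bin:/sbin:/bin:/root/bin"

def expand_search_path(spec, cwd, base_path=BASE_PATH):
    """Substitute $PATH in spec and anchor relative entries such as '.' to cwd."""
    entries = []
    for entry in spec.replace("$PATH", base_path).split(":"):
        if entry:  # skip empty entries, which a shell would treat as the cwd
            entries.append(os.path.normpath(os.path.join(cwd, entry)))
    return ":".join(entries)

def default_cwd(user, cwd=None):
    """Use the requested cwd, else the profiled user's home, not the caller's."""
    return cwd or pwd.getpwnam(user).pw_dir

def resolve_target(cmd, cwd, search_path):
    """Return an absolute executable path for cmd, or None when nothing matches."""
    if os.sep in cmd:  # absolute, or relative with a directory part
        candidate = os.path.normpath(os.path.join(cwd, cmd))
        is_exec = os.path.isfile(candidate) and os.access(candidate, os.X_OK)
        return candidate if is_exec else None
    return shutil.which(cmd, path=search_path)

def demo():
    """Resolve 'my-ls' with PATH=$PATH:. from a scratch working directory."""
    with tempfile.TemporaryDirectory() as work:
        target = os.path.join(work, "my-ls")
        with open(target, "w") as fh:
            fh.write("#!/bin/sh\nexit 0\n")  # constructed stand-in binary
        os.chmod(target, 0o755)
        cwd = default_cwd("toma", work)  # cwd given, so no passwd lookup
        search_path = expand_search_path("$PATH:.", cwd)
        return search_path, resolve_target("my-ls", cwd, search_path), target

if __name__ == "__main__":
    print(demo())
```
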
Completion of the Profiler v2 integration.
This replaces the original Python profiler implementation using a combination of Rust and Redux components.
Highlights
Future
An existing capability that was not integrated here is the ability to profile with temporary rules, i.e., undeployed work-in-progress rules. This is implemented in the backend, but was integrated into the GUI in this PR.
Closes #767