search

kolide / launcher

Osquery launcher, autoupdater, and packager
https://kolide.com/launcher
Other
505 stars 100 forks source link

`loginctl --output-json` does not output json, eventually leading to missing systray icon #1758

Closed roobre closed 3 months ago

roobre commented 3 months ago

I've been chasing for a couple days why the kolide agent wasn't showing a systray icon for me and some other coworkers who use Arch Linux (btw).

In /var/kolide-k2/k2device.kolide.com/debug.json I was able to find this message being spammed:

{"time":"2024-06-21T15:43:31.114726268Z","level":"INFO","source":{"function":"github.com/kolide/launcher/ee/desktop/runner.(*DesktopUsersProcessesRunner).Execute","file":"/home/runner/work/launcher/launcher/ee/desktop/runner/runner.go","line":226},"msg":"running console user desktop","launcher_run_id":"REDACTED","component":"desktop_runner","err":"getting console users: loginctl list-sessions unmarshall json output: invalid character '1' after top-level value"}

Which seems to be caused by this line

https://github.com/kolide/launcher/blob/d80b842f943ee480ecd61ec929bf4dc5400c5a67/ee/consoleuser/consoleuser_linux.go#L23

I believe this is not working because loginctl --output-json does not output json on recent systemd versions:

roobre@Archiroo 󱃾 curry-admin@Curry
18:00:28 ~ $> loginctl list-sessions --output=json
SESSION  UID USER   SEAT  LEADER CLASS   TTY IDLE SINCE
      1 1000 roobre seat0 2774   greeter -   no   -
      2 1000 roobre -     3153   manager -   no   -

2 sessions listed.

The correct flag to get JSON output now seems to be --json=short:

roobre@Archiroo 󱃾 curry-admin@Curry
18:03:08 ~ $> loginctl list-sessions --json=short
[{"session":"1","uid":1000,"user":"roobre","seat":"seat0","leader":2774,"class":"greeter","tty":null,"idle":false,"since":null},{"session":"2","uid":1000,"user":"roobre","seat":null,"leader":3153,"class":"manager","tty":null,"idle":false,"since":null}]

I was able to work around this by replacing /usr/bin/loginctl with a shim script that translates --output=json to --json=short, but this is obviously not a very good workaround as it won't survive a systemd update. Placing the shim in /usr/local/bin/ or similar is not possible as Kolide hardcodes this path: https://github.com/kolide/launcher/blob/d80b842f943ee480ecd61ec929bf4dc5400c5a67/ee/allowedcmd/cmd_linux.go#L85

It would be great if Kolide would support newer loginctl versions and pass the appropriate flag to them!

RebeccaMahany commented 3 months ago

Linking another related issue: https://github.com/kolide/launcher/issues/1522

Could you pass along your OS version and/or systemd version to help us reproduce and test a fix? Thank you!

roobre commented 3 months ago

Yes, this is on Arch Linux (rolling) and systemd 256

19:08:25 ~ #> loginctl --version
systemd 256 (256.1-1-arch-g34ba18b^)
+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT +LIBARCHIVE

19:08:59 ~ #> pacman -Q systemd
systemd 256.1-1
RebeccaMahany commented 3 months ago

This change is merged and will be released in the next launcher release (date TBD but likely within a month).

roobre commented 3 months ago

That's awesome, thank you & kudos @RebeccaMahany!

RebeccaMahany commented 2 months ago

This was fixed in the v1.9.4 release