kolide / launcher

Osquery launcher, autoupdater, and packager
https://kolide.com/launcher

Try both `--output=json` and `--json=short` when running `loginctl list-sessions` output #1759

Closed RebeccaMahany closed 1 week ago

RebeccaMahany commented 1 week ago

The output flag for loginctl list-sessions has changed in more recent versions of systemd: https://www.freedesktop.org/software/systemd/man/latest/loginctl.html#Session%20Commands

On Ubuntu at least up to 24.04, systemd doesn't use this new --json flag -- I think at this point, the older flag will be much more widely supported in our userbase. So I have defaulted to trying with the older flag first, and falling back to the newer flag in case of error. Eventually we will want to swap the order that we try the flags in.

Confirmed --json=short output is compatible with what we previously expected (session, uid, user, seat all present):

```
[becca@arch-2 ~]$ loginctl --version
systemd 256 (256.1-1-arch-g34ba18b^)
+PAM +AUDIT -SELINUX -APPARMOR -IMA +SMACK +SECCOMP +GCRYPT +GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBCRYPTSETUP_PLUGINS +LIBFDISK +PCRE2 +PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD +BPF_FRAMEWORK +XKBCOMMON +UTMP -SYSVINIT +LIBARCHIVE

[becca@arch-2 ~]$ loginctl list-sessions --no-legend --no-pager --json=short
[{"session":"3","uid":1002,"user":"becca","seat":null,"leader":9206,"class":"user","tty":"pts/0","idle":false,"since":null}]
```

Relates to https://github.com/kolide/launcher/issues/1758

Notes on setting up a test environment

I set up an arch VM in Google Cloud to test this -- here are the steps.

I used a base image from [this project](https://github.com/GoogleCloudPlatform/compute-archlinux-image-builder) and created a VM:

```
gcloud compute instances create --image-project=arch-linux-gce --image-family=arch --project
```

I SSHed to the VM and got it updated via [these instructions](https://wiki.archlinux.org/title/Pacman/Package_signing#Upgrade_system_regularly):

```
pacman -Sy --needed archlinux-keyring && pacman -Su
```

Validated that it's adequately updated via `loginctl --version` and `loginctl list-sessions --no-legend --no-pager --json=short`.

I stopped the VM, enabled `display device`, and restarted the VM – I think this is what got me a `Remote=no Active=yes` session to be able to get a desktop process going.

I uploaded launcher binary from this PR's artifacts to VM; I uploaded osqueryd binary [from the releases](https://github.com/osquery/osquery/releases) to the VM; `chmod +x` both.

I made a root dir for testing, then ran launcher and let it start up:

```
sudo ./launcher --hostname --root_directory --osqueryd_path --transport jsonrpc --enroll_secret
```

In another window, I confirmed I saw the launcher desktop process eventually -- `ps -eaf | grep launcher`. There were some errors (e.g. no tray is running, so we get errors about no tray running), but seeing the desktop process running should be enough to prove this fix.
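The flag ordering described in this PR (older `--output=json` first, newer `--json=short` on error), as an added Go example that is not launcher's own code. The `Session`, `runner`, `listSessions` and `execLoginctl` names are hypothetical, and falling back on a JSON parse failure as well as on a command error is an assumption of this example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os/exec"
)

// Session holds the fields the PR description checks for (hypothetical type).
type Session struct {
	Session string  `json:"session"`
	UID     int     `json:"uid"`
	User    string  `json:"user"`
	Seat    *string `json:"seat"` // nil when loginctl reports "seat":null
}

// runner executes loginctl with args; injectable so the logic is testable without systemd.
type runner func(args ...string) ([]byte, error)

// listSessions tries the older flag first, then the newer one, and reports which flag worked.
func listSessions(run runner) ([]Session, string, error) {
	var lastErr error
	for _, flag := range []string{"--output=json", "--json=short"} {
		out, err := run("list-sessions", "--no-legend", "--no-pager", flag)
		if err == nil {
			var sessions []Session
			if err = json.Unmarshal(out, &sessions); err == nil {
				return sessions, flag, nil
			}
		}
		lastErr = fmt.Errorf("%s: %w", flag, err)
	}
	return nil, "", fmt.Errorf("loginctl list-sessions failed with both flags: %w", lastErr)
}

// execLoginctl runs the real binary; args are passed as a slice, never through a shell.
func execLoginctl(args ...string) ([]byte, error) {
	return exec.Command("loginctl", args...).Output()
}

func main() {
	sessions, flag, err := listSessions(execLoginctl)
	if err != nil {
		fmt.Println(err)
		return
	}
	fmt.Printf("parsed %d session(s) using %s\n", len(sessions), flag)
}
```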