HEX
Server: Apache/2.4.58 (Ubuntu)
System: Linux ns3133907 6.8.0-86-generic #87-Ubuntu SMP PREEMPT_DYNAMIC Mon Sep 22 18:03:36 UTC 2025 x86_64
User: cssnetorguk (1024)
PHP: 8.2.28
Disabled: NONE
$ pwd: /proc/self/root/usr/libexec/kcare/python/kcarectl/__pycache__/
Upload Files
File: //proc/self/root/usr/libexec/kcare/python/kcarectl/__pycache__/libcare.cpython-312.pyc
�

p��g�D��D�ddlZddlZddlZddlZddlZddlmZddlmZddlmZddlm	Z	ddlm
Z
ddlmZdd	lmZdd
lm
Z
ddlmZddlmZdd
lmZddlmZddlmZmZmZ	dZdZdZdZdZdddddd�Zgd�ddgddgd�Z d�Z!d�Z"Gd �d!e#�Z$d"�Z%d:d#�Z&d$�Z'd%�Z(d&�Z)d;d'�Z*d(�Z+d)�Z,e"d*��Z-e"d+��Z.d,�Z/d-�Z0d.�Z1d/�Z2d0�Z3d1�Z4e"e%d2���Z5ejle"e%ejndfd3����Z8e"d4��Z9d5�Z:d6�Z;d:d7�Z<d8�Z=d9�Z>y)<�N�)�	constants)�config)�config_handlers)�	log_utils)�
process_utils)�utils)�auth)�errors)�selinux)�fetch)�update_utils)�server_info)�json_loads_nstr�urlquote�	HTTPErrorz!/usr/libexec/kcare/libcare-client)z/run/libcare/libcare.sockz/var/run/libcare.sockz /var/cache/kcare/libcare_patchesz /var/cache/kcare/libcare_cvelistz&/etc/sysconfig/kcare/libcare.logrotate�db�qemu)�mysqld�mariadbd�postgres�qemu-kvm�qemu-system-x86_64)rrrrr�libc�libssl)rr�libsc�b�tjjtjd|g|���S)N�	userspace)�os�path�joinr�PATCH_CACHE)�libname�partss  �-/usr/libexec/kcare/python/kcarectl/libcare.py�get_userspace_cache_pathr&.s$��
�7�7�<�<�	�-�-�{�G�L�e�L�L�c����fd�}|S)Nc�@��	�|i|��	td�S#t$r0}tjdj	|�d��Yd}~Sd}~wwxYw#	td�w#t$r0}tjdj	|�d��Yd}~wd}~wwxYwxYw)N�
clearcachez$Libcare cache clearing failed: '{0}'F��	print_msg)�libcare_client�	Exceptionr�logerror�format)�args�kwargs�err�clbls   �r%�wrapperz$clear_libcare_cache.<locals>.wrapper3s����	h���(��(�
h��|�,���
h��"�"�#I�#P�#P�QT�#U�af�g�g��
h��
h��|�,���
h��"�"�#I�#P�#P�QT�#U�af�g�g��
h�sI�A��	A�&A�A�B�A!� B�!	B�*&B�B�B�B�)r4r5s` r%�clear_libcare_cacher72s���h��Nr'c�.��eZdZd�fd�	Zdd�Zd�Z�xZS)�UserspacePatchLevelc�$��t||�||�S�N)�super�__new__)�clsr#�buildid�level�baseurl�	__class__s     �r%r=zUserspacePatchLevel.__new__As����S�#�&�s�E�2�2r'c�<�||_||_||_||_yr;)r@r#r?rA)�selfr#r?r@rAs     r%�__init__zUserspacePatchLevel.__init__Ds����
���������r'c�X�t|j|jt|�g|���Sr;)r&r#r?�str)rDr$s  r%�
cache_pathzUserspacePatchLevel.cache_pathJs#��'����d�l�l�C��I�V�PU�V�Vr'r;)�__name__�
__module__�__qualname__r=rErH�
__classcell__)rBs@r%r9r9@s���3��Wr'r9c����d����fd�}|S)Nc��d\}}	|�
t�}i}g}t|�D]]}|jdd�||jd�<|jdg�D]"}|j|jd���$�_dj	|j�D�cgc]}d	j	|���c}�}dj	|�}t
jt|d
��t
jt|d
��ycc}w#t
jt|d
��t
jt|d
��wxYw)z(KPT-1543 Save info about applyed patches)�rON�latest-versionrO�package�patches�cve�
� T)�
ensure_dir)
�
_libcare_info�_get_patches_info�get�appendr!�itemsr	�atomic_write�LIBCARE_PATCHES�LIBCARE_CVE_LIST)�info�versions�cves�packages�	cves_list�rec�patchs       r%�save_current_statez8refresh_applied_patches_list.<locals>.save_current_stateOs�����$�
	H��|�$����H��I�(��.�
7��/2�w�w�7G��/L������+�,� �W�W�Y��3�7�E��$�$�U�Y�Y�u�%5�6�7�
7��y�y�8�>�>�;K�!L�C�#�(�(�3�-�!L�M�H��9�9�Y�'�D������T�J����/��$�G��	"M��
�����T�J����/��$�G�s�BD
�D�7D
�D
�
:Ec�H��d}	�|i|��}|�|�S#�|�wxYwr;r6)r1r2r_r4rfs   ��r%r5z-refresh_applied_patches_list.<locals>.wrapperas1�����	%���(��(�D���t�$���t�$�s�	�
!r6)r4r5rfs` @r%�refresh_applied_patches_listrhNs���H�$%��Nr'c��tjxsd}t|�}t|j��}t	j
tj|d�|||d�}|dtjtjd|��zz
}tj|d�}	tjtj�|d��}t)j*|j,�t/t	j0|j3���}t5|||d|jd��}t7|d�}	t'|||	d
�}
t8j:j=|
�r"t8j:j?|
�dk(rSt	j
|d�}	tj@||
tjBtjD|���t'|||	�}dd|
d|dg}
tMjN|
d	d	��\}}}|r&tjPdjS|||���t'||d�}t8j:jU|�s4t8j:jW|�rt#j$|�t9jX|	|dz�t9jZ|dz|�y#tj $r#t#j$t'||�d	�
��wxYw#tF$r)}|jHdvrtjJd���d}~wwxYw)N�main�uz	latest.v1z?info=�updaterF)�
check_licenseT)�
ignore_errorsr@rAzpatch.tar.gzr�	patch_url)�check_signature�hash_checker)i�i�zKC+ licence is required�tar�xfz-Cz--no-same-owner��catch_stdout�catch_stderrz(Patches unpacking error: '{0}' '{1}' {2}�latestz.tmp).r�PREFIXr�stripr	�get_patch_server_url�LIBNAME_MAPrYr�encode_server_lib_info�server_lib_infor
�wrap_with_cache_keyr
�urlopen_authr�NotFound�shutil�rmtreer&r�set_config_from_patchserver�headersr�nstr�readr9rGrr �exists�getsize�	fetch_url�
USE_SIGNATURE�get_hash_checkerr�code�NoLibcareLicenseExceptionr�run_command�
KcareErrorr0�islink�isdir�symlink�rename)r#�build_id�patch_level�prefix�url�	cache_dst�response�metar@�plevel�
patch_path�ex�dst�cmdr��stdout�stderr�	link_names                  r%�fetch_userspace_patchr�ls���
�]�]�
$�f�F��w��G�����(�)�H�
�
$�
$�[�_�_�W�c�%B�F�G�U]�_j�
k�C��8�k�8�8��9T�9T�U]�_j�9k�l�l�l�C������0�I��?�5�,�,�T�->�->�?��SX�Y���/�/��0@�0@�A��5�:�:�h�m�m�o�6�7�D��	�8�T�'�]�D�H�H�Y�DW�X�E�
��g��
�F�)�)�X�v�~�V�J�
�7�7�>�>�*�%�������)D��)I��(�(��k�):�;��	��O�O�C��V�=Q�=Q�`e�`v�`v�w|�`}�~�#�9�h��
?�C��$�
�D�#�/@�
A�C�(�4�4�S�t�Z^�_��D�&�&����� J� Q� Q�RX�Z`�bf� g�h�h�(��H�h�G�I�
�7�7�>�>�)�$������y�)A��
�
�i� ��J�J�v�y�6�)�*��I�I�i�&� �)�,��C�?�?��	�
�
�.�y�(�C�SW�X�
�	��"�	��w�w�*�$��6�6�7P�Q�Q���		�s$�,+K�8:L�6L�	M	� $M�M	c���|t_|s
t�tj|rdnd��|r
t�tjjd|r	dz�ydz�y)N�FALSE�YES)�LIBCARE_DISABLEDzlibcare service is �enabled�disabled)	rr��libcare_server_stopr�
update_config�libcare_server_startr�kcarelogr_)r�s r%�set_libcare_statusr��sT��")�k�F������!�!�w�G�E�S����
�����1�'�Y�Z�[�z�Z�[r'c��	tjdd�ddg}tj|�y#t$rYywxYw)N�service�z
/usr/sbin/z/sbin/�libcare�stop�r�find_cmdr.r��r�s r%r�r��sF����%�%�i�1I�J�I�W]�^�����c�"������s�1�	=�=c��tjs-tjj	tj
�rMt
jtj
ddg�t
jtj
ddg�y	t
jdd�ddg}t
j|�y#t$rYywxYw)Nzreset-failedr��restartzlibcare.socketr�r��start)
r�SKIP_SYSTEMCTL_CHECKrr r��	SYSTEMCTLrr�r�r.r�s r%r�r��s����%�%������	�8K�8K�)L��!�!�9�#6�#6��	�"R�S��!�!�9�#6�#6�	�CS�"T�U�	� �)�)�)�5M�N�PY�[b�c�C�	�!�!�#�&���	��	�s�B;�;	C�Cc�R��djd�t|xsg�D��}ddg}�s|dd|gz
}	t|�}g}|jd�D]*}|s�	|jtj|���,|D�cgc]&}|jd	�|jd
�|d���(}}|D]*}t�fd�|d
j�D��|d
<�,|S#t$r)}t	j
dj
|���d}~wwxYw#t$rY��wxYwcc}w)N�|c3�>K�|]}dj|����y�w)z({0})N)r0)�.0�procs  r%�	<genexpr>z _libcare_info.<locals>.<genexpr>�s����K�t�g�n�n�T�*�K�s�r_z-jz-lz-rz/Gathering userspace libraries info error: '{0}'rT�comm�pid)r�r�rc3�:�K�|]\}}d|vs�r�
||f���y�w)�patchlvlNr6)r��k�v�patcheds   �r%r�z _libcare_info.<locals>.<genexpr>�s#�����h�t�q�!�
�VW��_f�Q��F�h�s��	r)r!�sortedr-r.rr�r0�splitrZ�json�loads�
ValueError�pop�dictr[)r��limit�regexpr��linesr3�result�lines`       r%rWrW�s>���
�X�X�K�v�e�k�r�7J�K�
K�F��4�.�C����d�F�#�#��_���$���F����D�!����
��
�
�d�j�j��.�/��\b�
b�SW�t�x�x��'�������N�
b�F�
b��i���h�t�F�|�/A�/A�/C�h�h��V��i��M��)�_���� Q� X� X�Y\� ]�^�^��_���
��
��cs/�C �$D�+D$� 	D�)$D
�
D�	D!� D!c	��t�}|D]6}|dj�D]\}}|j|d|df�� �8g}tD]|}|D]u\}}t	||t|�d�}	tjj|	�s�=t|	d�5}
|jtj|
��ddd��w�~|S#1swY��xYw)Nrr?r�z	info.json�r)
�setr[�add�
USERSPACE_MAPr&rGrr �isfile�openrZr��load)r_rRrd�_�datar�r�r�r��patch_info_filename�fds           r%rXrX�s����e�G��=���6�{�(�(�*�	=�G�A�t��K�K��i��$�z�*:�;�<�	=�=��F�"�1�	�")�	1��H�h�":�9�h�PS�T\�P]�_j�"k���w�w�~�~�1�2��-�s�3�1�r��M�M�$�)�)�B�-�0�1�1�	1�1��M�1�1�s�%C�Cc�(�tt��Sr;)rXrWr6r'r%�libcare_patch_info_basicr��s���]�_�-�-r'c�r�t�}|stjd�tjd|i�S�NzNo patched processes.r�)r�rr/r��dumps�r�s r%�libcare_patch_infor��s0��
%�
'�F�����2�3��:�:�x��(�)�)r'c�r�t�}|stjd�tjd|i�Sr�)rWrr/r�r�r�s r%�libcare_infor��s/��
�_�F�����2�3��:�:�x��(�)�)r'c�p�i}t�D]&}|jdd�||jd�<�(|S)NrPrOrQ)r�rY)r�rds  r%�_libcare_versionr��s?��
�F�'�)�C��%(�W�W�-=�r�%B��s�w�w�y�!�"�C��Mr'c�n�t�j�D]\}}|j|�s�|cSy)NrO)r�r[�
startswith)r#rQ�versions   r%�libcare_versionr�s:��,�.�4�4�6��������g�&��N��r'c�8�djd�|D��dzS)Nr'c3�LK�|]}tj|�dz���y�w)�N)r	�bstr)r��ps  r%r�z(libcare_client_format.<locals>.<genexpr>
s����:�a�E�J�J�q�M�E�)�:�s�"$r�)r!)�paramss r%�libcare_client_formatr�	s���8�8�:�6�:�:�U�B�Br'c��tD]%}tjj|�s�#|cSt	j
d��)NzLibcare socket is not found.)�LIBCARE_SOCKETrr r�rr�)�libcare_sockets r%�get_available_libcare_socketr�
s;��(�"��
�7�7�>�>�.�)�!�!�"��
�
�:�
;�;r'c��tjrtjd��t	jtj
tjd�}|jd�d}	|jt��|jtj�t|�}tjdj|���|j|�	|j!d�}|sn||z
}�|j#dd	�}tjd
j|���||j%�S#|j%�wxYw)NzLibcare is disabled.r�
r'zLibcare socket send: {cmd}r�izutf-8�replacez!Libcare socket recieved: {result}r�)rr�rr��socket�AF_UNIX�SOCK_STREAM�
settimeout�connectr��LIBCARE_SOCKET_TIMEOUTr�r�logdebugr0�sendall�recv�decode�close)r��sock�resr�r�r�s      r%r-r-s
��
������ 6�7�7��=�=�����);�);�Q�?�D��O�O�B��

�C�����1�3�4�����5�5�6�#�F�+�����7�>�>�6�>�J�K����S����9�9�T�?�D����4�K�C�	�
���G�Y�/�����>�E�E�V�E�T�U���
�
����
�
��s
�-CE
�
Ec�*�|D]$}	tdt|��	td��&y#t$r)}tjdj|���d}~wwxYw#t$r)}tjdj|���d}~wwxYw)N�storagez(Userspace storage switching error: '{0}'rlz%Userspace patch applying error: '{0}')r-r&r.rr�r0)r�r�r3s   r%�libcare_patch_applyr
,s����	Y��	\��9�&>�s�&C�D�	Y��8�$�	Y���	\��#�#�$N�$U�$U�VY�$Z�[�[��	\��
�	Y��#�#�$K�$R�$R�SV�$W�X�X��	Y�s+�+�A �	A�$A�A� 	B�)$B
�
Bc��	td�y#t$r)}tjdj	|���d}~wwxYw)N�unloadz&Userspace patch unloading error: '{0}')r-r.rr�r0)r3s r%�libcare_unloadr9s@��V��x� ���V���� H� O� O�PS� T�U�U��V�s��	A�$;�Ac	���tj�t�|tjk(rt
jsy|�ttj��}g}|D]'}|jtj|g���)|s%tjdj|��yt|��\}}}}|rt!j"d��|stjd�yt%j&t(j*j-tj.d��t�	t1|�t7�}	t9|	�}
t;td�|	D���sytj<d	j|�
��tj<dj|
���t?d
�|
jA�D��}t?d�|jA�D��}||z
}
tCd�|
jA�D��}tjdjtE|
�|���|
jG�D]3\}}tjdj|tE|����5|	S#t j"$r8}tj2t5|��t!j"d��d}~wwxYw)z0Patch userspace processes to the latest version.NzNo such userspace patches: {0})r�z:There was an errors while patches downloading (unpacking).zNo patches were found.rz+There was an errors while patches applying.c3�&K�|]	}|d���y�w)rNr6)r��items  r%r�z&do_userspace_update.<locals>.<genexpr>ts����8�T�D��L�8�s�zPatched before: {before})�beforezPatched after: {after})�afterc3�.K�|]
}|D]}|����y�wr;r6�r�r[r�s   r%r�z&do_userspace_update.<locals>.<genexpr>{s����H��%�H�Q�1�H�1�H���c3�.K�|]
}|D]}|����y�wr;r6rs   r%r�z&do_userspace_update.<locals>.<genexpr>|s����J�%�E�J�q�A�J�A�J�rc3�2K�|]}t|����y�wr;)�len)r�r�s  r%r�z&do_userspace_update.<locals>.<genexpr>s����1�Q�#�a�&�1�s�z�The patches have been successfully applied to {count} newly discovered processes. The overall amount of applied patches is {overall}.)�count�overallz*Object `{0}` is patched for {1} processes.)$r�log_all_parent_processes�rotate_libcare_logsr�UPDATE_MODE_AUTOr�LIB_AUTO_UPDATE�listr��keys�extendrYr�loginfor0�check_userspace_updatesrr�r�restore_selinux_contextrr r!r"r
r/rGrW�_get_userspace_procs�anyrr��values�sumrr[)�moder��process_filter�userspace_patch�failed�something_foundr�rr��
data_afterr�uniq_procs_after�uniq_procs_before�diffrr�r�s                 r%�do_userspace_updater5Bso���*�*�,����y�)�)�)�&�2H�2H���}��]�'�'�)�*���N� �F�����m�/�/���D�E�F�����:�A�A�%�H�I��)@�~�)V�&�F�O�Q��
���� \�]�]�����2�3���#�#�B�G�G�L�L��1F�1F��$T�U���O��E�"���J� ��,�E��t�8�Z�8�8�9�����1�8�8��8�G�H�
���/�6�6�U�6�C�D��H�%�,�,�.�H�H���J�6�=�=�?�J�J���/�/�D��1�%�,�,�.�1�1�G�
���	���S��Y���@�����
�Z���1����F�M�M�a�QT�UV�QW�X�Y�Z����9���O����3�r�7�#���� M�N�N��O�s�J%�%K0�83K+�+K0c��	t�\}}}}|ry|rytjd��rdSdS#tj$rYywxYw)N�r�.libcarestatus��filename�r)r&rr�r�status_gap_passed)r/r��libs_not_patcheds   r%�get_userspace_update_statusr>�sZ���)@�)B�&���#�Q������.�.�8H�I�1�P�q�P��������s�1�A�Ac��i}|D]T}|dj�D]<\}}|jd�s�||vrg||<||j|d|df��>�V|S)Nrr�r�r�)r[rYrZ�r_r�rr#rds     r%r(r(�s}��
�F��D�� ��L�.�.�0�	D�L�G�S��w�w�z�"��&�(�&(�F�7�O��w��&�&��U��T�&�\�'B�C�		D�D��Mr'c
��t�}|D]D}|dj�D],\}}|j||d|jdd�f��.�F|S)Nrr?r�r)r�r[r�rYr@s     r%�_get_userspace_libsrB�se��
�U�F��J�� ��L�.�.�0�	J�L�G�S��J�J���Y������Q�1G�H�I�	J�J��Mr'c�2�|s3g}tj�D�cgc]}|j|���c}td|��}t	|�}dx}}d}t|�D]}|\}}	}
	t
||	|
�d}|
dk7rd}�!tj d��||||fScc}w#tjtjf$rY�htj$r�tj$r*}d}tjt|��Yd}~��d}~wwxYw)NF)r�r�Trr8r9)r�r*r$rWr(rBr�rr�r��AlreadyTrialedExceptionr�rr/rGr�touch_status_gap_file)r�r�data_beforerr/r0r=rdr#r�r�r�s            r%r&r&�s�����(5�(<�(<�(>�?�����d�	�?���U�;�K�
!�+�
.�F�$�$�F�_���"�;�/�(��&)�#���8�	(�!�'�8�X�>�"�O��1�}�#(� ��(� �&�&�0@�A��?�$4�f�<�<��3	@������!A�!A�B�	���-�-�	��� � �	(��F����s�2�w�'�'��	(�s#�B�)B"�"#D�%D�, D�Dc�:�d}d}tjdd��}|rK	tj|tgd��\}}}|r>t
jd	j|�d�
�nt
jdd�
�d}tjj|�sytjd
z}	tj|�}t!j"d�}|D�	cgc]4}	|j%|	�s�tjj'||	���6}
}	|
D�cgc]#}tjj)|�|f��%}}|j+d��d}
|D]b\}}|
tjj-|�z
}
|
|k\s�.tj.|�tj0j3d|��dy#t$r}d}t|�}Yd}~���d}~wwxYwcc}	wcc}w#t$rt
j4dd�
�YywxYw)NrrO�	logrotateF)�	raise_excT)rvrz5failed to run logrotate for libcare logs, stderr: {0}r+zlogrotate utility wasn't foundz/var/log/libcare/iz^\d+\.log.*)�reversez%Removed %s because of logs size limitz)Failed to cleanup libcare server logfiles)rr�r��LIBCARE_LOGROTATE_CONFIGr.rGrr/r0�logwarnrr r�r�!LIBCARE_PIDLOGS_MAX_TOTAL_SIZE_MB�listdir�re�compile�matchr!�getctime�sortr��remover�r_�logexc)�rcr��logrotate_pathr��e�libcare_log_directory�max_total_size�	log_files�	pidlog_re�fn�pidlog_files�fp�pidlog_files_with_ct�
total_size�filepaths               r%rr�s���	
�B�
�F�"�+�+�K�5�I�N��	�)�5�5�~�G_�6`�os�t�M�B��6�
����V�]�]�^d�e�qv�w����:�e�L�/��
�7�7�=�=�.�/���=�=��I�N�W��J�J�4�5�	��J�J�~�.�	�JS�k�B�W`�Wf�Wf�gi�Wj������%:�B�?�k��k�EQ�R�r����!1�!1�"�!5�r� :�R��R��!�!�$�!�/��
�/�	[�K�A�x��"�'�'�/�/�(�3�3�J��^�+��	�	�(�#��"�"�'�'�(O�QY�Z�		[��1�	��B���V�F��	��"l��R���W����D�PU�V�W�sT�!G	�6.G7�$G-�;"G-�G7�#(G2�AG7�7G7�		G*�
G%�%G*�-
G7�7 H�Hc��	tjdd�ddg}tj|dd��\}}}|dk(S#t$rYywxYw)	zKAssume that whenever the service is not running, we did not patch anything.r�r�r��statusFTrtrr�)r�r�r�s   r%�libcare_server_startedre�s]����%�%�i�1I�J�I�W_�`���*�*�3�T�PT�U�J�D�!�Q��1�9���	����s�<�	A�Ar;)TN)?rrOr�r�r�rOrrrrrr	r
rrr
rr�py23rrr�typing�Dict�List�Tuple�LIBCARE_CLIENTr�r]r^rKr{r�r&r7�intr9rhr�r�r�r�rWrXr�r�r�r�r�r�r�r-r
r�skip_if_no_selinux_module�UPDATE_MODE_MANUALr5r>r(rBr&rrer6r'r%�<module>ros���

�	�
�
��������������6�6��5����5��5��C���4�T�v�ms�t��
,�
�-�.�
�X���
�M��W�#�W��<*-�Z\�#�'��>�.��*��*��*��*���C�<��0
Y���V���V�	�"�"���&�9�9��D���#�D�N�Q��Q���=�>'W�Tr'
@ Telegram