Fixup kernel mods

Author: bleggett

src/checkers/kernel.rs

@@ -1,24 +1,40 @@
 use crate::helpers::{
     CheckGroup, CheckGroupResult, CheckResult,
-    CheckResultValue::{Errored, Failed, Passed},
+    CheckResultValue::{Errored, Failed, Passed}, host_executor::HostNamespaceExecutor,
 };
 
 use anyhow::{Result, bail};
 use async_trait::async_trait;
 use log::debug;
 use procfs::{Current, sys::kernel};
-use std::fs;
-use std::path::PathBuf;
-use std::process::Command;
+use std::{fs, path::PathBuf, process::Command};
+use futures::{future::join_all, FutureExt};
 
 const GROUP_IDENTIFIER: &str = "KernelChecks";
 const NAME: &str = "Kernel Checks";
+// TODO (bml) assemble actual list
+const REQUIRED_MODULES: &[&str] = &[
+    "nf_tables",
+];
 
-pub struct KernelChecks;
+pub struct KernelChecks {
+    host_executor: HostNamespaceExecutor,
+}
 
 impl KernelChecks {
-    pub fn run_all(&self) -> CheckGroupResult {
-        let results = vec![self.has_modules(), self.version_is_good()];
+    pub fn new(host_executor: HostNamespaceExecutor) -> Self {
+        KernelChecks { host_executor }
+    }
+
+    /// Run all the checkers asynchronously, then
+    /// join and collect the results.
+    pub async fn run_all(&self) -> CheckGroupResult {
+        let results = join_all([
+            self.has_modules().boxed(),
+            self.version_is_good().boxed(),
+        ])
+        .await;
+
 
         let mut group_result = Passed;
         for res in results.iter() {
@@ -39,27 +55,15 @@ impl KernelChecks {
         }
     }
 
-    fn current_kernel_version(&self) -> Result<String> {
-        let output = Command::new("uname")
-            .arg("-r")
-            .output()
-            .expect("Failed to execute command");
-
-        if !output.status.success() {
-            let error_message = String::from_utf8_lossy(&output.stderr);
-            bail!("{}", error_message.to_string());
-        }
-
-        let kernel_version = String::from_utf8_lossy(&output.stdout).trim().to_string();
-        Ok(kernel_version)
-    }
-
-    fn version_is_good(&self) -> CheckResult {
+    async fn version_is_good(&self) -> CheckResult {
         let name = String::from("Host Kernel Version Is Good");
         let mut result = Passed;
 
-        // Get kernel version
-        let current = kernel::Version::current();
+        // Get host kernel version
+        let current = self.host_executor.spawn_in_host_ns(async {
+            kernel::Version::current()
+        }).await.expect("error spawning in host");
+
         if let Err(e) = current {
             return CheckResult::new(&name, Errored(e.to_string()));
         }
@@ -72,68 +76,90 @@ impl KernelChecks {
         CheckResult::new(&name, result)
     }
 
-    fn has_modules(&self) -> CheckResult {
+    async fn has_modules(&self) -> CheckResult {
         let name = String::from("Host Has Necessary Modules");
         let mut result = Passed;
 
-        let mut required_modules = vec![
-            "xen_evtchn",
-            "xen-privcmd",
-            "xen-netback",
-            "xen-pciback",
-            "xen-blkback",
-            "xen-gntdev",
-            "xen-gntalloc",
-        ];
-
-        // Get kernel version
-        let kernel_version = self.current_kernel_version();
-        if let Err(e) = kernel_version {
-            return CheckResult::new(&name, Errored(e.to_string()));
-        }
-        let kernel_version = kernel_version.unwrap();
+        let required_modules: Vec<String> = REQUIRED_MODULES.iter().map(|s| s.to_string()).collect();
 
         // Search builtin modules
-        let path = PathBuf::from(format!("/lib/modules/{kernel_version}/modules.builtin"));
-        let builtins = fs::read_to_string(path);
-        if let Err(e) = builtins {
-            return CheckResult::new(&name, Errored(e.to_string()));
+        let remaining = match self.find_builtins(&required_modules).await {
+            Ok(r) => r,
+            Err(e) => return CheckResult::new(&name, Errored(format!("getting kernel builtins {e}"))),
+        };
+
+        // Search loaded modules
+        let remaining = match self.find_loaded(&remaining).await {
+            Ok(r) => r,
+            Err(e) => return CheckResult::new(&name, Errored(format!("getting kernel modules {e}"))),
+        };
+        if !remaining.is_empty() {
+            result = Failed(format!("missing {:?}", remaining))
         }
-        let builtins = builtins.unwrap();
+
+        CheckResult::new(&name, result)
+    }
+
+    /// Looks at builtins for kernel_version and compares that to the list of
+    /// required modules.
+    /// Returns a vec of everything from required_modules that WAS NOT found in builtins.
+    async fn find_builtins(&self, required_modules: &Vec<String>) -> Result<Vec<String>> {
+        let mut modules_to_find: Vec<String> = required_modules.clone();
+
+        // read host builtins
+        let builtins = self.host_executor.spawn_in_host_ns(async move {
+            // Get kernel version
+            let output = Command::new("uname")
+                .arg("-r")
+                .output()?;
+
+            if !output.status.success() {
+                let error_message = String::from_utf8_lossy(&output.stderr);
+                bail!("{}", error_message.to_string());
+            }
+            let kernel_version = String::from_utf8_lossy(&output.stdout).trim().to_string();
+            let path = PathBuf::from(format!("/lib/modules/{kernel_version}/modules.builtin"));
+            fs::read_to_string(path).map_err(|e| anyhow::anyhow!(e))
+        }).await??;
 
         for builtin in builtins.lines() {
-            let found = required_modules
+            let found = modules_to_find
                 .iter()
                 .position(|required| builtin.contains(required));
 
             if let Some(index) = found {
-                debug!("builtin {}", required_modules[index]);
-                required_modules.remove(index);
+                debug!("builtin {}", modules_to_find[index]);
+                modules_to_find.remove(index);
             }
         }
 
-        // Search loaded modules
-        let modules = procfs::KernelModules::current();
-        if let Err(e) = modules {
-            return CheckResult::new(&name, Errored(format!("getting kernel modules {e}")));
-        }
+        Ok(modules_to_find)
+    }
+
+    /// Looks at loaded modules for the current host kernel and compares that to the list of
+    /// required modules.
+    /// Returns a vec of everything from required_modules that WAS NOT loaded.
+    async fn find_loaded(&self, required_modules: &Vec<String>) -> Result<Vec<String>> {
+        let mut modules_to_find: Vec<String> = required_modules.clone();
+
+        let modules = self.host_executor.spawn_in_host_ns(async move {
+            procfs::KernelModules::current()
+        }).await?;
+
         let modules = modules.unwrap();
 
         for (name, _) in modules.0.iter() {
-            let found = required_modules
+            let found = modules_to_find
                 .iter()
                 .position(|required| required == name);
 
             if let Some(index) = found {
-                debug!("module {}", required_modules[index]);
-                required_modules.remove(index);
+                debug!("module {}", modules_to_find[index]);
+                modules_to_find.remove(index);
             }
         }
-        if !required_modules.is_empty() {
-            result = Failed(format!("missing {:?}", required_modules))
-        }
 
-        CheckResult::new(&name, result)
+        Ok(modules_to_find)
     }
 }
 
@@ -152,6 +178,6 @@ impl CheckGroup for KernelChecks {
     }
 
     async fn run(&self) -> CheckGroupResult {
-        self.run_all()
+        self.run_all().await
     }
 }

src/main.rs

@@ -110,7 +110,7 @@ async fn main() -> Result<()> {
     let groups: Vec<Box<dyn CheckGroup>> = vec![
         Box::new(SystemChecks),
         Box::new(ScriptChecks),
-        Box::new(KernelChecks),
+        Box::new(KernelChecks::new(host_executor.clone())),
         Box::new(SystemRecorder::new(host_executor.clone())),
     ];